2 * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "internal/cryptlib.h"
12 #include <openssl/evp.h>
13 #include <openssl/objects.h>
14 #include <openssl/x509.h>
15 #include "crypto/evp.h"
16 #include "internal/provider.h"
17 #include "evp_local.h"
21 static int update(EVP_MD_CTX
*ctx
, const void *data
, size_t datalen
)
23 EVPerr(EVP_F_UPDATE
, EVP_R_ONLY_ONESHOT_SUPPORTED
);
27 static int do_sigver_init(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
28 const EVP_MD
*type
, const char *mdname
,
29 const char *props
, ENGINE
*e
, EVP_PKEY
*pkey
,
30 EVP_SIGNATURE
*signature
, int ver
)
32 EVP_PKEY_CTX
*locpctx
= NULL
;
36 if (ctx
->provctx
!= NULL
) {
37 if (!ossl_assert(ctx
->digest
!= NULL
)) {
38 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
41 if (ctx
->digest
->freectx
!= NULL
)
42 ctx
->digest
->freectx(ctx
->provctx
);
46 if (ctx
->pctx
== NULL
) {
47 ctx
->pctx
= EVP_PKEY_CTX_new(pkey
, e
);
48 if (ctx
->pctx
== NULL
)
50 } else if (pkey
!= NULL
) {
51 if (!EVP_PKEY_up_ref(pkey
))
53 EVP_PKEY_free(ctx
->pctx
->pkey
);
54 ctx
->pctx
->pkey
= pkey
;
57 evp_pkey_ctx_free_old_ops(locpctx
);
58 if (locpctx
->pkey
== NULL
)
61 if (e
!= NULL
|| locpctx
->engine
!= NULL
)
64 if (signature
!= NULL
) {
65 if (!EVP_SIGNATURE_up_ref(signature
))
69 * TODO(3.0): Check for legacy handling. Remove this once all all
70 * algorithms are moved to providers.
72 switch (locpctx
->pkey
->type
) {
79 = EVP_SIGNATURE_fetch(NULL
, OBJ_nid2sn(locpctx
->pkey
->type
), NULL
);
81 if (signature
== NULL
) {
82 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
86 locpctx
->operation
= ver
? EVP_PKEY_OP_VERIFYCTX
87 : EVP_PKEY_OP_SIGNCTX
;
89 locpctx
->op
.sig
.signature
= signature
;
91 locpctx
->op
.sig
.sigprovctx
92 = signature
->newctx(ossl_provider_ctx(signature
->prov
));
93 if (locpctx
->op
.sig
.sigprovctx
== NULL
) {
94 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
98 evp_keymgmt_export_to_provider(locpctx
->pkey
, signature
->keymgmt
, 0);
99 if (provkey
== NULL
) {
100 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
104 if (mdname
== NULL
) {
105 mdname
= EVP_MD_name(type
);
106 ctx
->reqdigest
= type
;
109 * This might be requested by a later call to EVP_MD_CTX_md(). In that
110 * case the "explicit fetch" rules apply for that function (as per
111 * man pages), i.e. the ref count is not updated so the EVP_MD should
112 * not be used beyound the lifetime of the EVP_MD_CTX.
115 = ctx
->fetched_digest
117 ossl_provider_library_context(EVP_SIGNATURE_provider(signature
)),
122 if (signature
->digest_verify_init
== NULL
) {
123 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
126 ret
= signature
->digest_verify_init(locpctx
->op
.sig
.sigprovctx
, mdname
,
129 if (signature
->digest_sign_init
== NULL
) {
130 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
133 ret
= signature
->digest_sign_init(locpctx
->op
.sig
.sigprovctx
, mdname
,
139 evp_pkey_ctx_free_old_ops(locpctx
);
140 locpctx
->operation
= EVP_PKEY_OP_UNDEFINED
;
144 if (!(ctx
->pctx
->pmeth
->flags
& EVP_PKEY_FLAG_SIGCTX_CUSTOM
)) {
148 if (EVP_PKEY_get_default_digest_nid(pkey
, &def_nid
) > 0)
149 type
= EVP_get_digestbynid(def_nid
);
153 EVPerr(EVP_F_DO_SIGVER_INIT
, EVP_R_NO_DEFAULT_DIGEST
);
159 if (ctx
->pctx
->pmeth
->verifyctx_init
) {
160 if (ctx
->pctx
->pmeth
->verifyctx_init(ctx
->pctx
, ctx
) <= 0)
162 ctx
->pctx
->operation
= EVP_PKEY_OP_VERIFYCTX
;
163 } else if (ctx
->pctx
->pmeth
->digestverify
!= 0) {
164 ctx
->pctx
->operation
= EVP_PKEY_OP_VERIFY
;
165 ctx
->update
= update
;
166 } else if (EVP_PKEY_verify_init(ctx
->pctx
) <= 0) {
170 if (ctx
->pctx
->pmeth
->signctx_init
) {
171 if (ctx
->pctx
->pmeth
->signctx_init(ctx
->pctx
, ctx
) <= 0)
173 ctx
->pctx
->operation
= EVP_PKEY_OP_SIGNCTX
;
174 } else if (ctx
->pctx
->pmeth
->digestsign
!= 0) {
175 ctx
->pctx
->operation
= EVP_PKEY_OP_SIGN
;
176 ctx
->update
= update
;
177 } else if (EVP_PKEY_sign_init(ctx
->pctx
) <= 0) {
181 if (EVP_PKEY_CTX_set_signature_md(ctx
->pctx
, type
) <= 0)
185 if (ctx
->pctx
->pmeth
->flags
& EVP_PKEY_FLAG_SIGCTX_CUSTOM
)
187 if (!EVP_DigestInit_ex(ctx
, type
, e
))
190 * This indicates the current algorithm requires
191 * special treatment before hashing the tbs-message.
193 if (ctx
->pctx
->pmeth
->digest_custom
!= NULL
)
194 return ctx
->pctx
->pmeth
->digest_custom(ctx
->pctx
, ctx
);
199 int EVP_DigestSignInit_ex(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
200 const char *mdname
, const char *props
, EVP_PKEY
*pkey
,
201 EVP_SIGNATURE
*signature
)
203 return do_sigver_init(ctx
, pctx
, NULL
, mdname
, props
, NULL
, pkey
, signature
,
207 int EVP_DigestSignInit(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
208 const EVP_MD
*type
, ENGINE
*e
, EVP_PKEY
*pkey
)
210 return do_sigver_init(ctx
, pctx
, type
, NULL
, NULL
, e
, pkey
, NULL
, 0);
213 int EVP_DigestVerifyInit_ex(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
214 const char *mdname
, const char *props
,
215 EVP_PKEY
*pkey
, EVP_SIGNATURE
*signature
)
217 return do_sigver_init(ctx
, pctx
, NULL
, mdname
, props
, NULL
, pkey
, signature
,
221 int EVP_DigestVerifyInit(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
222 const EVP_MD
*type
, ENGINE
*e
, EVP_PKEY
*pkey
)
224 return do_sigver_init(ctx
, pctx
, type
, NULL
, NULL
, e
, pkey
, NULL
, 1);
226 #endif /* FIPS_MDOE */
228 int EVP_DigestSignUpdate(EVP_MD_CTX
*ctx
, const void *data
, size_t dsize
)
230 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
233 || pctx
->operation
!= EVP_PKEY_OP_SIGNCTX
234 || pctx
->op
.sig
.sigprovctx
== NULL
235 || pctx
->op
.sig
.signature
== NULL
)
238 return pctx
->op
.sig
.signature
->digest_sign_update(pctx
->op
.sig
.sigprovctx
,
242 return EVP_DigestUpdate(ctx
, data
, dsize
);
245 int EVP_DigestVerifyUpdate(EVP_MD_CTX
*ctx
, const void *data
, size_t dsize
)
247 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
250 || pctx
->operation
!= EVP_PKEY_OP_VERIFYCTX
251 || pctx
->op
.sig
.sigprovctx
== NULL
252 || pctx
->op
.sig
.signature
== NULL
)
255 return pctx
->op
.sig
.signature
->digest_verify_update(pctx
->op
.sig
.sigprovctx
,
259 return EVP_DigestUpdate(ctx
, data
, dsize
);
263 int EVP_DigestSignFinal(EVP_MD_CTX
*ctx
, unsigned char *sigret
,
267 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
270 || pctx
->operation
!= EVP_PKEY_OP_SIGNCTX
271 || pctx
->op
.sig
.sigprovctx
== NULL
272 || pctx
->op
.sig
.signature
== NULL
)
275 return pctx
->op
.sig
.signature
->digest_sign_final(pctx
->op
.sig
.sigprovctx
,
276 sigret
, siglen
, SIZE_MAX
);
279 if (pctx
->pmeth
->flags
& EVP_PKEY_FLAG_SIGCTX_CUSTOM
) {
281 return pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
);
282 if (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
)
283 r
= pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
);
285 EVP_PKEY_CTX
*dctx
= EVP_PKEY_CTX_dup(ctx
->pctx
);
288 r
= dctx
->pmeth
->signctx(dctx
, sigret
, siglen
, ctx
);
289 EVP_PKEY_CTX_free(dctx
);
293 if (pctx
->pmeth
->signctx
)
298 unsigned char md
[EVP_MAX_MD_SIZE
];
299 unsigned int mdlen
= 0;
300 if (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
) {
302 r
= ctx
->pctx
->pmeth
->signctx(ctx
->pctx
, sigret
, siglen
, ctx
);
304 r
= EVP_DigestFinal_ex(ctx
, md
, &mdlen
);
306 EVP_MD_CTX
*tmp_ctx
= EVP_MD_CTX_new();
309 if (!EVP_MD_CTX_copy_ex(tmp_ctx
, ctx
)) {
310 EVP_MD_CTX_free(tmp_ctx
);
314 r
= tmp_ctx
->pctx
->pmeth
->signctx(tmp_ctx
->pctx
,
315 sigret
, siglen
, tmp_ctx
);
317 r
= EVP_DigestFinal_ex(tmp_ctx
, md
, &mdlen
);
318 EVP_MD_CTX_free(tmp_ctx
);
322 if (EVP_PKEY_sign(ctx
->pctx
, sigret
, siglen
, md
, mdlen
) <= 0)
326 if (pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
) <= 0)
329 int s
= EVP_MD_size(ctx
->digest
);
330 if (s
< 0 || EVP_PKEY_sign(pctx
, sigret
, siglen
, NULL
, s
) <= 0)
337 int EVP_DigestSign(EVP_MD_CTX
*ctx
, unsigned char *sigret
, size_t *siglen
,
338 const unsigned char *tbs
, size_t tbslen
)
340 if (ctx
->pctx
->pmeth
->digestsign
!= NULL
)
341 return ctx
->pctx
->pmeth
->digestsign(ctx
, sigret
, siglen
, tbs
, tbslen
);
342 if (sigret
!= NULL
&& EVP_DigestSignUpdate(ctx
, tbs
, tbslen
) <= 0)
344 return EVP_DigestSignFinal(ctx
, sigret
, siglen
);
347 int EVP_DigestVerifyFinal(EVP_MD_CTX
*ctx
, const unsigned char *sig
,
350 unsigned char md
[EVP_MAX_MD_SIZE
];
352 unsigned int mdlen
= 0;
354 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
357 || pctx
->operation
!= EVP_PKEY_OP_VERIFYCTX
358 || pctx
->op
.sig
.sigprovctx
== NULL
359 || pctx
->op
.sig
.signature
== NULL
)
362 return pctx
->op
.sig
.signature
->digest_verify_final(pctx
->op
.sig
.sigprovctx
,
366 if (ctx
->pctx
->pmeth
->verifyctx
)
370 if (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
) {
372 r
= ctx
->pctx
->pmeth
->verifyctx(ctx
->pctx
, sig
, siglen
, ctx
);
374 r
= EVP_DigestFinal_ex(ctx
, md
, &mdlen
);
376 EVP_MD_CTX
*tmp_ctx
= EVP_MD_CTX_new();
379 if (!EVP_MD_CTX_copy_ex(tmp_ctx
, ctx
)) {
380 EVP_MD_CTX_free(tmp_ctx
);
384 r
= tmp_ctx
->pctx
->pmeth
->verifyctx(tmp_ctx
->pctx
,
385 sig
, siglen
, tmp_ctx
);
387 r
= EVP_DigestFinal_ex(tmp_ctx
, md
, &mdlen
);
388 EVP_MD_CTX_free(tmp_ctx
);
392 return EVP_PKEY_verify(ctx
->pctx
, sig
, siglen
, md
, mdlen
);
395 int EVP_DigestVerify(EVP_MD_CTX
*ctx
, const unsigned char *sigret
,
396 size_t siglen
, const unsigned char *tbs
, size_t tbslen
)
398 if (ctx
->pctx
->pmeth
->digestverify
!= NULL
)
399 return ctx
->pctx
->pmeth
->digestverify(ctx
, sigret
, siglen
, tbs
, tbslen
);
400 if (EVP_DigestVerifyUpdate(ctx
, tbs
, tbslen
) <= 0)
402 return EVP_DigestVerifyFinal(ctx
, sigret
, siglen
);
404 #endif /* FIPS_MODE */