2 * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "internal/cryptlib.h"
12 #include <openssl/evp.h>
13 #include <openssl/objects.h>
14 #include <openssl/x509.h>
15 #include "crypto/evp.h"
16 #include "internal/provider.h"
17 #include "evp_local.h"
21 static int update(EVP_MD_CTX
*ctx
, const void *data
, size_t datalen
)
23 EVPerr(EVP_F_UPDATE
, EVP_R_ONLY_ONESHOT_SUPPORTED
);
27 static int do_sigver_init(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
28 const EVP_MD
*type
, const char *mdname
,
29 const char *props
, ENGINE
*e
, EVP_PKEY
*pkey
,
32 EVP_PKEY_CTX
*locpctx
= NULL
;
33 EVP_SIGNATURE
*signature
= NULL
;
37 if (ctx
->provctx
!= NULL
) {
38 if (!ossl_assert(ctx
->digest
!= NULL
)) {
39 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
42 if (ctx
->digest
->freectx
!= NULL
)
43 ctx
->digest
->freectx(ctx
->provctx
);
47 if (ctx
->pctx
== NULL
)
48 ctx
->pctx
= EVP_PKEY_CTX_new(pkey
, e
);
49 if (ctx
->pctx
== NULL
)
53 evp_pkey_ctx_free_old_ops(locpctx
);
55 if (locpctx
->algorithm
== NULL
)
60 mdname
= EVP_MD_name(type
);
61 } else if (pkey
!= NULL
) {
63 * TODO(v3.0) work out a better way for EVP_PKEYs with no legacy
66 if (pkey
->pkey
.ptr
!= NULL
) {
68 if (EVP_PKEY_get_default_digest_nid(pkey
, &def_nid
) > 0)
69 mdname
= OBJ_nid2sn(def_nid
);
75 * Because we cleared out old ops, we shouldn't need to worry about
76 * checking if signature is already there. Keymgmt is a different
77 * matter, as it isn't tied to a specific EVP_PKEY op.
79 signature
= EVP_SIGNATURE_fetch(locpctx
->libctx
, locpctx
->algorithm
,
81 if (signature
!= NULL
&& locpctx
->keymgmt
== NULL
) {
82 int name_id
= EVP_SIGNATURE_number(signature
);
85 evp_keymgmt_fetch_by_number(locpctx
->libctx
, name_id
,
89 if (locpctx
->keymgmt
== NULL
91 || (EVP_KEYMGMT_provider(locpctx
->keymgmt
)
92 != EVP_SIGNATURE_provider(signature
))) {
94 * We don't have the full support we need with provided methods,
95 * let's go see if legacy does. Also, we don't need to free
96 * ctx->keymgmt here, as it's not necessarily tied to this
97 * operation. It will be freed by EVP_PKEY_CTX_free().
99 EVP_SIGNATURE_free(signature
);
103 /* No more legacy from here down to legacy: */
105 locpctx
->op
.sig
.signature
= signature
;
107 locpctx
->operation
= ver
? EVP_PKEY_OP_VERIFYCTX
108 : EVP_PKEY_OP_SIGNCTX
;
110 locpctx
->op
.sig
.sigprovctx
111 = signature
->newctx(ossl_provider_ctx(signature
->prov
));
112 if (locpctx
->op
.sig
.sigprovctx
== NULL
) {
113 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
117 evp_keymgmt_export_to_provider(locpctx
->pkey
, locpctx
->keymgmt
, 0);
118 if (provkey
== NULL
) {
119 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
124 ctx
->reqdigest
= type
;
127 * This might be requested by a later call to EVP_MD_CTX_md(). In that
128 * case the "explicit fetch" rules apply for that function (as per
129 * man pages), i.e. the ref count is not updated so the EVP_MD should
130 * not be used beyound the lifetime of the EVP_MD_CTX.
132 ctx
->reqdigest
= ctx
->fetched_digest
=
133 EVP_MD_fetch(locpctx
->libctx
, mdname
, props
);
137 if (signature
->digest_verify_init
== NULL
) {
138 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
141 ret
= signature
->digest_verify_init(locpctx
->op
.sig
.sigprovctx
,
142 mdname
, props
, provkey
);
144 if (signature
->digest_sign_init
== NULL
) {
145 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
148 ret
= signature
->digest_sign_init(locpctx
->op
.sig
.sigprovctx
,
149 mdname
, props
, provkey
);
154 evp_pkey_ctx_free_old_ops(locpctx
);
155 locpctx
->operation
= EVP_PKEY_OP_UNDEFINED
;
159 if (!(ctx
->pctx
->pmeth
->flags
& EVP_PKEY_FLAG_SIGCTX_CUSTOM
)) {
163 if (EVP_PKEY_get_default_digest_nid(pkey
, &def_nid
) > 0)
164 type
= EVP_get_digestbynid(def_nid
);
168 EVPerr(EVP_F_DO_SIGVER_INIT
, EVP_R_NO_DEFAULT_DIGEST
);
174 if (ctx
->pctx
->pmeth
->verifyctx_init
) {
175 if (ctx
->pctx
->pmeth
->verifyctx_init(ctx
->pctx
, ctx
) <= 0)
177 ctx
->pctx
->operation
= EVP_PKEY_OP_VERIFYCTX
;
178 } else if (ctx
->pctx
->pmeth
->digestverify
!= 0) {
179 ctx
->pctx
->operation
= EVP_PKEY_OP_VERIFY
;
180 ctx
->update
= update
;
181 } else if (EVP_PKEY_verify_init(ctx
->pctx
) <= 0) {
185 if (ctx
->pctx
->pmeth
->signctx_init
) {
186 if (ctx
->pctx
->pmeth
->signctx_init(ctx
->pctx
, ctx
) <= 0)
188 ctx
->pctx
->operation
= EVP_PKEY_OP_SIGNCTX
;
189 } else if (ctx
->pctx
->pmeth
->digestsign
!= 0) {
190 ctx
->pctx
->operation
= EVP_PKEY_OP_SIGN
;
191 ctx
->update
= update
;
192 } else if (EVP_PKEY_sign_init(ctx
->pctx
) <= 0) {
196 if (EVP_PKEY_CTX_set_signature_md(ctx
->pctx
, type
) <= 0)
200 if (ctx
->pctx
->pmeth
->flags
& EVP_PKEY_FLAG_SIGCTX_CUSTOM
)
202 if (!EVP_DigestInit_ex(ctx
, type
, e
))
205 * This indicates the current algorithm requires
206 * special treatment before hashing the tbs-message.
208 if (ctx
->pctx
->pmeth
->digest_custom
!= NULL
)
209 return ctx
->pctx
->pmeth
->digest_custom(ctx
->pctx
, ctx
);
214 int EVP_DigestSignInit_ex(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
215 const char *mdname
, const char *props
, EVP_PKEY
*pkey
)
217 return do_sigver_init(ctx
, pctx
, NULL
, mdname
, props
, NULL
, pkey
, 0);
220 int EVP_DigestSignInit(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
221 const EVP_MD
*type
, ENGINE
*e
, EVP_PKEY
*pkey
)
223 return do_sigver_init(ctx
, pctx
, type
, NULL
, NULL
, e
, pkey
, 0);
226 int EVP_DigestVerifyInit_ex(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
227 const char *mdname
, const char *props
,
230 return do_sigver_init(ctx
, pctx
, NULL
, mdname
, props
, NULL
, pkey
, 1);
233 int EVP_DigestVerifyInit(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
234 const EVP_MD
*type
, ENGINE
*e
, EVP_PKEY
*pkey
)
236 return do_sigver_init(ctx
, pctx
, type
, NULL
, NULL
, e
, pkey
, 1);
238 #endif /* FIPS_MDOE */
240 int EVP_DigestSignUpdate(EVP_MD_CTX
*ctx
, const void *data
, size_t dsize
)
242 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
245 || pctx
->operation
!= EVP_PKEY_OP_SIGNCTX
246 || pctx
->op
.sig
.sigprovctx
== NULL
247 || pctx
->op
.sig
.signature
== NULL
)
250 return pctx
->op
.sig
.signature
->digest_sign_update(pctx
->op
.sig
.sigprovctx
,
254 return EVP_DigestUpdate(ctx
, data
, dsize
);
257 int EVP_DigestVerifyUpdate(EVP_MD_CTX
*ctx
, const void *data
, size_t dsize
)
259 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
262 || pctx
->operation
!= EVP_PKEY_OP_VERIFYCTX
263 || pctx
->op
.sig
.sigprovctx
== NULL
264 || pctx
->op
.sig
.signature
== NULL
)
267 return pctx
->op
.sig
.signature
->digest_verify_update(pctx
->op
.sig
.sigprovctx
,
271 return EVP_DigestUpdate(ctx
, data
, dsize
);
275 int EVP_DigestSignFinal(EVP_MD_CTX
*ctx
, unsigned char *sigret
,
279 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
282 || pctx
->operation
!= EVP_PKEY_OP_SIGNCTX
283 || pctx
->op
.sig
.sigprovctx
== NULL
284 || pctx
->op
.sig
.signature
== NULL
)
287 return pctx
->op
.sig
.signature
->digest_sign_final(pctx
->op
.sig
.sigprovctx
,
288 sigret
, siglen
, SIZE_MAX
);
291 if (pctx
->pmeth
->flags
& EVP_PKEY_FLAG_SIGCTX_CUSTOM
) {
293 return pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
);
294 if (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
)
295 r
= pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
);
297 EVP_PKEY_CTX
*dctx
= EVP_PKEY_CTX_dup(ctx
->pctx
);
300 r
= dctx
->pmeth
->signctx(dctx
, sigret
, siglen
, ctx
);
301 EVP_PKEY_CTX_free(dctx
);
305 if (pctx
->pmeth
->signctx
)
310 unsigned char md
[EVP_MAX_MD_SIZE
];
311 unsigned int mdlen
= 0;
312 if (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
) {
314 r
= ctx
->pctx
->pmeth
->signctx(ctx
->pctx
, sigret
, siglen
, ctx
);
316 r
= EVP_DigestFinal_ex(ctx
, md
, &mdlen
);
318 EVP_MD_CTX
*tmp_ctx
= EVP_MD_CTX_new();
321 if (!EVP_MD_CTX_copy_ex(tmp_ctx
, ctx
)) {
322 EVP_MD_CTX_free(tmp_ctx
);
326 r
= tmp_ctx
->pctx
->pmeth
->signctx(tmp_ctx
->pctx
,
327 sigret
, siglen
, tmp_ctx
);
329 r
= EVP_DigestFinal_ex(tmp_ctx
, md
, &mdlen
);
330 EVP_MD_CTX_free(tmp_ctx
);
334 if (EVP_PKEY_sign(ctx
->pctx
, sigret
, siglen
, md
, mdlen
) <= 0)
338 if (pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
) <= 0)
341 int s
= EVP_MD_size(ctx
->digest
);
342 if (s
< 0 || EVP_PKEY_sign(pctx
, sigret
, siglen
, NULL
, s
) <= 0)
349 int EVP_DigestSign(EVP_MD_CTX
*ctx
, unsigned char *sigret
, size_t *siglen
,
350 const unsigned char *tbs
, size_t tbslen
)
352 if (ctx
->pctx
->pmeth
->digestsign
!= NULL
)
353 return ctx
->pctx
->pmeth
->digestsign(ctx
, sigret
, siglen
, tbs
, tbslen
);
354 if (sigret
!= NULL
&& EVP_DigestSignUpdate(ctx
, tbs
, tbslen
) <= 0)
356 return EVP_DigestSignFinal(ctx
, sigret
, siglen
);
359 int EVP_DigestVerifyFinal(EVP_MD_CTX
*ctx
, const unsigned char *sig
,
362 unsigned char md
[EVP_MAX_MD_SIZE
];
364 unsigned int mdlen
= 0;
366 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
369 || pctx
->operation
!= EVP_PKEY_OP_VERIFYCTX
370 || pctx
->op
.sig
.sigprovctx
== NULL
371 || pctx
->op
.sig
.signature
== NULL
)
374 return pctx
->op
.sig
.signature
->digest_verify_final(pctx
->op
.sig
.sigprovctx
,
378 if (ctx
->pctx
->pmeth
->verifyctx
)
382 if (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
) {
384 r
= ctx
->pctx
->pmeth
->verifyctx(ctx
->pctx
, sig
, siglen
, ctx
);
386 r
= EVP_DigestFinal_ex(ctx
, md
, &mdlen
);
388 EVP_MD_CTX
*tmp_ctx
= EVP_MD_CTX_new();
391 if (!EVP_MD_CTX_copy_ex(tmp_ctx
, ctx
)) {
392 EVP_MD_CTX_free(tmp_ctx
);
396 r
= tmp_ctx
->pctx
->pmeth
->verifyctx(tmp_ctx
->pctx
,
397 sig
, siglen
, tmp_ctx
);
399 r
= EVP_DigestFinal_ex(tmp_ctx
, md
, &mdlen
);
400 EVP_MD_CTX_free(tmp_ctx
);
404 return EVP_PKEY_verify(ctx
->pctx
, sig
, siglen
, md
, mdlen
);
407 int EVP_DigestVerify(EVP_MD_CTX
*ctx
, const unsigned char *sigret
,
408 size_t siglen
, const unsigned char *tbs
, size_t tbslen
)
410 if (ctx
->pctx
->pmeth
->digestverify
!= NULL
)
411 return ctx
->pctx
->pmeth
->digestverify(ctx
, sigret
, siglen
, tbs
, tbslen
);
412 if (EVP_DigestVerifyUpdate(ctx
, tbs
, tbslen
) <= 0)
414 return EVP_DigestVerifyFinal(ctx
, sigret
, siglen
);
416 #endif /* FIPS_MODE */