]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/evp/m_sigver.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
evp: remove TODOs
[thirdparty/openssl.git] / crypto / evp / m_sigver.c
1 /*
2 * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include "internal/cryptlib.h"
12 #include <openssl/evp.h>
13 #include <openssl/objects.h>
14 #include <openssl/x509.h>
15 #include "crypto/evp.h"
16 #include "internal/provider.h"
17 #include "internal/numbers.h" /* includes SIZE_MAX */
18 #include "evp_local.h"
19
20 #ifndef FIPS_MODULE
21
22 static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
23 {
24 ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED);
25 return 0;
26 }
27
28 /*
29 * If we get the "NULL" md then the name comes back as "UNDEF". We want to use
30 * NULL for this.
31 */
32 static const char *canon_mdname(const char *mdname)
33 {
34 if (mdname != NULL && strcmp(mdname, "UNDEF") == 0)
35 return NULL;
36
37 return mdname;
38 }
39
40 static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
41 const EVP_MD *type, const char *mdname,
42 OSSL_LIB_CTX *libctx, const char *props,
43 ENGINE *e, EVP_PKEY *pkey, int ver,
44 OSSL_PARAM params[])
45 {
46 EVP_PKEY_CTX *locpctx = NULL;
47 EVP_SIGNATURE *signature = NULL;
48 EVP_KEYMGMT *tmp_keymgmt = NULL;
49 const char *supported_sig = NULL;
50 char locmdname[80] = ""; /* 80 chars should be enough */
51 void *provkey = NULL;
52 int ret;
53
54 if (ctx->algctx != NULL) {
55 if (!ossl_assert(ctx->digest != NULL)) {
56 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
57 return 0;
58 }
59 if (ctx->digest->freectx != NULL)
60 ctx->digest->freectx(ctx->algctx);
61 ctx->algctx = NULL;
62 }
63
64 if (ctx->pctx == NULL) {
65 if (e == NULL)
66 ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props);
67 else
68 ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
69 }
70 if (ctx->pctx == NULL)
71 return 0;
72
73 locpctx = ctx->pctx;
74 evp_pkey_ctx_free_old_ops(locpctx);
75
76 if (props == NULL)
77 props = locpctx->propquery;
78
79 ERR_set_mark();
80
81 if (evp_pkey_ctx_is_legacy(locpctx))
82 goto legacy;
83
84 /*
85 * Ensure that the key is provided, either natively, or as a cached export.
86 */
87 tmp_keymgmt = locpctx->keymgmt;
88 provkey = evp_pkey_export_to_provider(locpctx->pkey, locpctx->libctx,
89 &tmp_keymgmt, locpctx->propquery);
90 if (provkey == NULL) {
91 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
92 goto err;
93 }
94 if (!EVP_KEYMGMT_up_ref(tmp_keymgmt)) {
95 ERR_clear_last_mark();
96 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
97 goto err;
98 }
99 EVP_KEYMGMT_free(locpctx->keymgmt);
100 locpctx->keymgmt = tmp_keymgmt;
101
102 if (locpctx->keymgmt->query_operation_name != NULL)
103 supported_sig =
104 locpctx->keymgmt->query_operation_name(OSSL_OP_SIGNATURE);
105
106 /*
107 * If we didn't get a supported sig, assume there is one with the
108 * same name as the key type.
109 */
110 if (supported_sig == NULL)
111 supported_sig = locpctx->keytype;
112
113 /*
114 * Because we cleared out old ops, we shouldn't need to worry about
115 * checking if signature is already there.
116 */
117 signature = EVP_SIGNATURE_fetch(locpctx->libctx, supported_sig,
118 locpctx->propquery);
119
120 if (signature == NULL
121 || (EVP_KEYMGMT_get0_provider(locpctx->keymgmt)
122 != EVP_SIGNATURE_get0_provider(signature))) {
123 /*
124 * We don't need to free ctx->keymgmt here, as it's not necessarily
125 * tied to this operation. It will be freed by EVP_PKEY_CTX_free().
126 */
127 EVP_SIGNATURE_free(signature);
128 goto legacy;
129 }
130
131 /*
132 * If we don't have the full support we need with provided methods,
133 * let's go see if legacy does.
134 */
135 ERR_pop_to_mark();
136
137 /* No more legacy from here down to legacy: */
138
139 if (pctx != NULL)
140 *pctx = locpctx;
141
142 locpctx->op.sig.signature = signature;
143 locpctx->operation = ver ? EVP_PKEY_OP_VERIFYCTX
144 : EVP_PKEY_OP_SIGNCTX;
145 locpctx->op.sig.algctx
146 = signature->newctx(ossl_provider_ctx(signature->prov), props);
147 if (locpctx->op.sig.algctx == NULL) {
148 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
149 goto err;
150 }
151 if (type != NULL) {
152 ctx->reqdigest = type;
153 if (mdname == NULL)
154 mdname = canon_mdname(EVP_MD_get0_name(type));
155 } else {
156 if (mdname == NULL) {
157 if (evp_keymgmt_util_get_deflt_digest_name(tmp_keymgmt, provkey,
158 locmdname,
159 sizeof(locmdname)) > 0) {
160 mdname = canon_mdname(locmdname);
161 }
162 }
163
164 if (mdname != NULL) {
165 /*
166 * We're about to get a new digest so clear anything associated with
167 * an old digest.
168 */
169 evp_md_ctx_clear_digest(ctx, 1);
170
171 /* legacy code support for engines */
172 ERR_set_mark();
173 /*
174 * This might be requested by a later call to EVP_MD_CTX_get0_md().
175 * In that case the "explicit fetch" rules apply for that
176 * function (as per man pages), i.e. the ref count is not updated
177 * so the EVP_MD should not be used beyound the lifetime of the
178 * EVP_MD_CTX.
179 */
180 ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
181 if (ctx->fetched_digest != NULL) {
182 ctx->digest = ctx->reqdigest = ctx->fetched_digest;
183 } else {
184 /* legacy engine support : remove the mark when this is deleted */
185 ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
186 if (ctx->digest == NULL) {
187 (void)ERR_clear_last_mark();
188 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
189 goto err;
190 }
191 }
192 (void)ERR_pop_to_mark();
193 }
194 }
195
196 if (ver) {
197 if (signature->digest_verify_init == NULL) {
198 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
199 goto err;
200 }
201 ret = signature->digest_verify_init(locpctx->op.sig.algctx,
202 mdname, provkey, params);
203 } else {
204 if (signature->digest_sign_init == NULL) {
205 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
206 goto err;
207 }
208 ret = signature->digest_sign_init(locpctx->op.sig.algctx,
209 mdname, provkey, params);
210 }
211
212 goto end;
213
214 err:
215 evp_pkey_ctx_free_old_ops(locpctx);
216 locpctx->operation = EVP_PKEY_OP_UNDEFINED;
217 return 0;
218
219 legacy:
220 /*
221 * If we don't have the full support we need with provided methods,
222 * let's go see if legacy does.
223 */
224 ERR_pop_to_mark();
225
226 if (type == NULL && mdname != NULL)
227 type = evp_get_digestbyname_ex(locpctx->libctx, mdname);
228
229 if (ctx->pctx->pmeth == NULL) {
230 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
231 return 0;
232 }
233
234 if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)) {
235
236 if (type == NULL) {
237 int def_nid;
238 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
239 type = EVP_get_digestbynid(def_nid);
240 }
241
242 if (type == NULL) {
243 ERR_raise(ERR_LIB_EVP, EVP_R_NO_DEFAULT_DIGEST);
244 return 0;
245 }
246 }
247
248 if (ver) {
249 if (ctx->pctx->pmeth->verifyctx_init) {
250 if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <= 0)
251 return 0;
252 ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX;
253 } else if (ctx->pctx->pmeth->digestverify != 0) {
254 ctx->pctx->operation = EVP_PKEY_OP_VERIFY;
255 ctx->update = update;
256 } else if (EVP_PKEY_verify_init(ctx->pctx) <= 0) {
257 return 0;
258 }
259 } else {
260 if (ctx->pctx->pmeth->signctx_init) {
261 if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0)
262 return 0;
263 ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX;
264 } else if (ctx->pctx->pmeth->digestsign != 0) {
265 ctx->pctx->operation = EVP_PKEY_OP_SIGN;
266 ctx->update = update;
267 } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0) {
268 return 0;
269 }
270 }
271 if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0)
272 return 0;
273 if (pctx)
274 *pctx = ctx->pctx;
275 if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)
276 return 1;
277 if (!EVP_DigestInit_ex(ctx, type, e))
278 return 0;
279 /*
280 * This indicates the current algorithm requires
281 * special treatment before hashing the tbs-message.
282 */
283 ctx->pctx->flag_call_digest_custom = 0;
284 if (ctx->pctx->pmeth->digest_custom != NULL)
285 ctx->pctx->flag_call_digest_custom = 1;
286
287 ret = 1;
288
289 end:
290 #ifndef FIPS_MODULE
291 if (ret > 0)
292 ret = evp_pkey_ctx_use_cached_data(locpctx);
293 #endif
294
295 return ret > 0 ? 1 : 0;
296 }
297
298 int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
299 const char *mdname, OSSL_LIB_CTX *libctx,
300 const char *props, EVP_PKEY *pkey,
301 OSSL_PARAM params[])
302 {
303 return do_sigver_init(ctx, pctx, NULL, mdname, libctx, props, NULL, pkey, 0,
304 params);
305 }
306
307 int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
308 const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
309 {
310 return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 0,
311 NULL);
312 }
313
314 int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
315 const char *mdname, OSSL_LIB_CTX *libctx,
316 const char *props, EVP_PKEY *pkey,
317 OSSL_PARAM params[])
318 {
319 return do_sigver_init(ctx, pctx, NULL, mdname, libctx, props, NULL, pkey, 1,
320 params);
321 }
322
323 int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
324 const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
325 {
326 return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1,
327 NULL);
328 }
329 #endif /* FIPS_MDOE */
330
331 int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
332 {
333 EVP_PKEY_CTX *pctx = ctx->pctx;
334
335 if (pctx == NULL
336 || pctx->operation != EVP_PKEY_OP_SIGNCTX
337 || pctx->op.sig.algctx == NULL
338 || pctx->op.sig.signature == NULL)
339 goto legacy;
340
341 if (pctx->op.sig.signature->digest_sign_update == NULL) {
342 ERR_raise(ERR_LIB_EVP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
343 return 0;
344 }
345
346 return pctx->op.sig.signature->digest_sign_update(pctx->op.sig.algctx,
347 data, dsize);
348
349 legacy:
350 if (pctx != NULL) {
351 /* do_sigver_init() checked that |digest_custom| is non-NULL */
352 if (pctx->flag_call_digest_custom
353 && !ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx))
354 return 0;
355 pctx->flag_call_digest_custom = 0;
356 }
357
358 return EVP_DigestUpdate(ctx, data, dsize);
359 }
360
361 int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
362 {
363 EVP_PKEY_CTX *pctx = ctx->pctx;
364
365 if (pctx == NULL
366 || pctx->operation != EVP_PKEY_OP_VERIFYCTX
367 || pctx->op.sig.algctx == NULL
368 || pctx->op.sig.signature == NULL)
369 goto legacy;
370
371 if (pctx->op.sig.signature->digest_verify_update == NULL) {
372 ERR_raise(ERR_LIB_EVP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
373 return 0;
374 }
375
376 return pctx->op.sig.signature->digest_verify_update(pctx->op.sig.algctx,
377 data, dsize);
378
379 legacy:
380 if (pctx != NULL) {
381 /* do_sigver_init() checked that |digest_custom| is non-NULL */
382 if (pctx->flag_call_digest_custom
383 && !ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx))
384 return 0;
385 pctx->flag_call_digest_custom = 0;
386 }
387
388 return EVP_DigestUpdate(ctx, data, dsize);
389 }
390
391 #ifndef FIPS_MODULE
392 int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
393 size_t *siglen)
394 {
395 int sctx = 0, r = 0;
396 EVP_PKEY_CTX *pctx = ctx->pctx;
397
398 if (pctx == NULL
399 || pctx->operation != EVP_PKEY_OP_SIGNCTX
400 || pctx->op.sig.algctx == NULL
401 || pctx->op.sig.signature == NULL)
402 goto legacy;
403
404 return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
405 sigret, siglen, SIZE_MAX);
406
407 legacy:
408 if (pctx == NULL || pctx->pmeth == NULL) {
409 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
410 return 0;
411 }
412
413 /* do_sigver_init() checked that |digest_custom| is non-NULL */
414 if (pctx->flag_call_digest_custom
415 && !ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx))
416 return 0;
417 pctx->flag_call_digest_custom = 0;
418
419 if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) {
420 if (sigret == NULL)
421 return pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
422 if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE)
423 r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
424 else {
425 EVP_PKEY_CTX *dctx = EVP_PKEY_CTX_dup(pctx);
426
427 if (dctx == NULL)
428 return 0;
429 r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx);
430 EVP_PKEY_CTX_free(dctx);
431 }
432 return r;
433 }
434 if (pctx->pmeth->signctx != NULL)
435 sctx = 1;
436 else
437 sctx = 0;
438 if (sigret != NULL) {
439 unsigned char md[EVP_MAX_MD_SIZE];
440 unsigned int mdlen = 0;
441
442 if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
443 if (sctx)
444 r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
445 else
446 r = EVP_DigestFinal_ex(ctx, md, &mdlen);
447 } else {
448 EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
449
450 if (tmp_ctx == NULL)
451 return 0;
452 if (!EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) {
453 EVP_MD_CTX_free(tmp_ctx);
454 return 0;
455 }
456 if (sctx)
457 r = tmp_ctx->pctx->pmeth->signctx(tmp_ctx->pctx,
458 sigret, siglen, tmp_ctx);
459 else
460 r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen);
461 EVP_MD_CTX_free(tmp_ctx);
462 }
463 if (sctx || !r)
464 return r;
465 if (EVP_PKEY_sign(pctx, sigret, siglen, md, mdlen) <= 0)
466 return 0;
467 } else {
468 if (sctx) {
469 if (pctx->pmeth->signctx(pctx, sigret, siglen, ctx) <= 0)
470 return 0;
471 } else {
472 int s = EVP_MD_get_size(ctx->digest);
473
474 if (s < 0 || EVP_PKEY_sign(pctx, sigret, siglen, NULL, s) <= 0)
475 return 0;
476 }
477 }
478 return 1;
479 }
480
481 int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
482 const unsigned char *tbs, size_t tbslen)
483 {
484 EVP_PKEY_CTX *pctx = ctx->pctx;
485
486 if (pctx != NULL
487 && pctx->operation == EVP_PKEY_OP_SIGNCTX
488 && pctx->op.sig.algctx != NULL
489 && pctx->op.sig.signature != NULL) {
490 if (pctx->op.sig.signature->digest_sign != NULL)
491 return pctx->op.sig.signature->digest_sign(pctx->op.sig.algctx,
492 sigret, siglen, SIZE_MAX,
493 tbs, tbslen);
494 } else {
495 /* legacy */
496 if (ctx->pctx->pmeth != NULL && ctx->pctx->pmeth->digestsign != NULL)
497 return ctx->pctx->pmeth->digestsign(ctx, sigret, siglen, tbs, tbslen);
498 }
499
500 if (sigret != NULL && EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0)
501 return 0;
502 return EVP_DigestSignFinal(ctx, sigret, siglen);
503 }
504
505 int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
506 size_t siglen)
507 {
508 unsigned char md[EVP_MAX_MD_SIZE];
509 int r = 0;
510 unsigned int mdlen = 0;
511 int vctx = 0;
512 EVP_PKEY_CTX *pctx = ctx->pctx;
513
514 if (pctx == NULL
515 || pctx->operation != EVP_PKEY_OP_VERIFYCTX
516 || pctx->op.sig.algctx == NULL
517 || pctx->op.sig.signature == NULL)
518 goto legacy;
519
520 return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
521 sig, siglen);
522
523 legacy:
524 if (pctx == NULL || pctx->pmeth == NULL) {
525 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
526 return 0;
527 }
528
529 /* do_sigver_init() checked that |digest_custom| is non-NULL */
530 if (pctx->flag_call_digest_custom
531 && !ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx))
532 return 0;
533 pctx->flag_call_digest_custom = 0;
534
535 if (pctx->pmeth->verifyctx != NULL)
536 vctx = 1;
537 else
538 vctx = 0;
539 if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
540 if (vctx)
541 r = pctx->pmeth->verifyctx(pctx, sig, siglen, ctx);
542 else
543 r = EVP_DigestFinal_ex(ctx, md, &mdlen);
544 } else {
545 EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
546 if (tmp_ctx == NULL)
547 return -1;
548 if (!EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) {
549 EVP_MD_CTX_free(tmp_ctx);
550 return -1;
551 }
552 if (vctx)
553 r = tmp_ctx->pctx->pmeth->verifyctx(tmp_ctx->pctx,
554 sig, siglen, tmp_ctx);
555 else
556 r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen);
557 EVP_MD_CTX_free(tmp_ctx);
558 }
559 if (vctx || !r)
560 return r;
561 return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen);
562 }
563
564 int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
565 size_t siglen, const unsigned char *tbs, size_t tbslen)
566 {
567 EVP_PKEY_CTX *pctx = ctx->pctx;
568
569 if (pctx != NULL
570 && pctx->operation == EVP_PKEY_OP_VERIFYCTX
571 && pctx->op.sig.algctx != NULL
572 && pctx->op.sig.signature != NULL) {
573 if (pctx->op.sig.signature->digest_verify != NULL)
574 return pctx->op.sig.signature->digest_verify(pctx->op.sig.algctx,
575 sigret, siglen,
576 tbs, tbslen);
577 } else {
578 /* legacy */
579 if (ctx->pctx->pmeth != NULL && ctx->pctx->pmeth->digestverify != NULL)
580 return ctx->pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen);
581 }
582
583 if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0)
584 return -1;
585 return EVP_DigestVerifyFinal(ctx, sigret, siglen);
586 }
587 #endif /* FIPS_MODULE */
A mirror of the official openssl repository