2 * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "internal/cryptlib.h"
12 #include <openssl/evp.h>
13 #include <openssl/objects.h>
14 #include <openssl/x509.h>
15 #include "crypto/evp.h"
16 #include "internal/provider.h"
17 #include "internal/numbers.h" /* includes SIZE_MAX */
18 #include "evp_local.h"
22 static int update(EVP_MD_CTX
*ctx
, const void *data
, size_t datalen
)
24 ERR_raise(ERR_LIB_EVP
, EVP_R_ONLY_ONESHOT_SUPPORTED
);
29 * If we get the "NULL" md then the name comes back as "UNDEF". We want to use
32 static const char *canon_mdname(const char *mdname
)
34 if (mdname
!= NULL
&& strcmp(mdname
, "UNDEF") == 0)
40 static int do_sigver_init(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
41 const EVP_MD
*type
, const char *mdname
,
42 OSSL_LIB_CTX
*libctx
, const char *props
,
43 ENGINE
*e
, EVP_PKEY
*pkey
, int ver
,
46 EVP_PKEY_CTX
*locpctx
= NULL
;
47 EVP_SIGNATURE
*signature
= NULL
;
48 EVP_KEYMGMT
*tmp_keymgmt
= NULL
;
49 const char *supported_sig
= NULL
;
50 char locmdname
[80] = ""; /* 80 chars should be enough */
54 if (ctx
->algctx
!= NULL
) {
55 if (!ossl_assert(ctx
->digest
!= NULL
)) {
56 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
59 if (ctx
->digest
->freectx
!= NULL
)
60 ctx
->digest
->freectx(ctx
->algctx
);
64 if (ctx
->pctx
== NULL
) {
66 ctx
->pctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, pkey
, props
);
68 ctx
->pctx
= EVP_PKEY_CTX_new(pkey
, e
);
70 if (ctx
->pctx
== NULL
)
74 evp_pkey_ctx_free_old_ops(locpctx
);
77 props
= locpctx
->propquery
;
81 if (evp_pkey_ctx_is_legacy(locpctx
))
85 * Ensure that the key is provided, either natively, or as a cached export.
87 tmp_keymgmt
= locpctx
->keymgmt
;
88 provkey
= evp_pkey_export_to_provider(locpctx
->pkey
, locpctx
->libctx
,
89 &tmp_keymgmt
, locpctx
->propquery
);
90 if (provkey
== NULL
) {
91 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
94 if (!EVP_KEYMGMT_up_ref(tmp_keymgmt
)) {
95 ERR_clear_last_mark();
96 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
99 EVP_KEYMGMT_free(locpctx
->keymgmt
);
100 locpctx
->keymgmt
= tmp_keymgmt
;
102 if (locpctx
->keymgmt
->query_operation_name
!= NULL
)
104 locpctx
->keymgmt
->query_operation_name(OSSL_OP_SIGNATURE
);
107 * If we didn't get a supported sig, assume there is one with the
108 * same name as the key type.
110 if (supported_sig
== NULL
)
111 supported_sig
= locpctx
->keytype
;
114 * Because we cleared out old ops, we shouldn't need to worry about
115 * checking if signature is already there.
117 signature
= EVP_SIGNATURE_fetch(locpctx
->libctx
, supported_sig
,
120 if (signature
== NULL
121 || (EVP_KEYMGMT_get0_provider(locpctx
->keymgmt
)
122 != EVP_SIGNATURE_get0_provider(signature
))) {
124 * We don't need to free ctx->keymgmt here, as it's not necessarily
125 * tied to this operation. It will be freed by EVP_PKEY_CTX_free().
127 EVP_SIGNATURE_free(signature
);
132 * If we don't have the full support we need with provided methods,
133 * let's go see if legacy does.
137 /* No more legacy from here down to legacy: */
142 locpctx
->op
.sig
.signature
= signature
;
143 locpctx
->operation
= ver
? EVP_PKEY_OP_VERIFYCTX
144 : EVP_PKEY_OP_SIGNCTX
;
145 locpctx
->op
.sig
.algctx
146 = signature
->newctx(ossl_provider_ctx(signature
->prov
), props
);
147 if (locpctx
->op
.sig
.algctx
== NULL
) {
148 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
152 ctx
->reqdigest
= type
;
154 mdname
= canon_mdname(EVP_MD_get0_name(type
));
156 if (mdname
== NULL
) {
157 if (evp_keymgmt_util_get_deflt_digest_name(tmp_keymgmt
, provkey
,
159 sizeof(locmdname
)) > 0) {
160 mdname
= canon_mdname(locmdname
);
164 if (mdname
!= NULL
) {
166 * We're about to get a new digest so clear anything associated with
169 evp_md_ctx_clear_digest(ctx
, 1);
171 /* legacy code support for engines */
174 * This might be requested by a later call to EVP_MD_CTX_get0_md().
175 * In that case the "explicit fetch" rules apply for that
176 * function (as per man pages), i.e. the ref count is not updated
177 * so the EVP_MD should not be used beyound the lifetime of the
180 ctx
->fetched_digest
= EVP_MD_fetch(locpctx
->libctx
, mdname
, props
);
181 if (ctx
->fetched_digest
!= NULL
) {
182 ctx
->digest
= ctx
->reqdigest
= ctx
->fetched_digest
;
184 /* legacy engine support : remove the mark when this is deleted */
185 ctx
->reqdigest
= ctx
->digest
= EVP_get_digestbyname(mdname
);
186 if (ctx
->digest
== NULL
) {
187 (void)ERR_clear_last_mark();
188 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
192 (void)ERR_pop_to_mark();
197 if (signature
->digest_verify_init
== NULL
) {
198 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
201 ret
= signature
->digest_verify_init(locpctx
->op
.sig
.algctx
,
202 mdname
, provkey
, params
);
204 if (signature
->digest_sign_init
== NULL
) {
205 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
208 ret
= signature
->digest_sign_init(locpctx
->op
.sig
.algctx
,
209 mdname
, provkey
, params
);
215 evp_pkey_ctx_free_old_ops(locpctx
);
216 locpctx
->operation
= EVP_PKEY_OP_UNDEFINED
;
221 * If we don't have the full support we need with provided methods,
222 * let's go see if legacy does.
226 if (type
== NULL
&& mdname
!= NULL
)
227 type
= evp_get_digestbyname_ex(locpctx
->libctx
, mdname
);
229 if (ctx
->pctx
->pmeth
== NULL
) {
230 ERR_raise(ERR_LIB_EVP
, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
234 if (!(ctx
->pctx
->pmeth
->flags
& EVP_PKEY_FLAG_SIGCTX_CUSTOM
)) {
238 if (EVP_PKEY_get_default_digest_nid(pkey
, &def_nid
) > 0)
239 type
= EVP_get_digestbynid(def_nid
);
243 ERR_raise(ERR_LIB_EVP
, EVP_R_NO_DEFAULT_DIGEST
);
249 if (ctx
->pctx
->pmeth
->verifyctx_init
) {
250 if (ctx
->pctx
->pmeth
->verifyctx_init(ctx
->pctx
, ctx
) <= 0)
252 ctx
->pctx
->operation
= EVP_PKEY_OP_VERIFYCTX
;
253 } else if (ctx
->pctx
->pmeth
->digestverify
!= 0) {
254 ctx
->pctx
->operation
= EVP_PKEY_OP_VERIFY
;
255 ctx
->update
= update
;
256 } else if (EVP_PKEY_verify_init(ctx
->pctx
) <= 0) {
260 if (ctx
->pctx
->pmeth
->signctx_init
) {
261 if (ctx
->pctx
->pmeth
->signctx_init(ctx
->pctx
, ctx
) <= 0)
263 ctx
->pctx
->operation
= EVP_PKEY_OP_SIGNCTX
;
264 } else if (ctx
->pctx
->pmeth
->digestsign
!= 0) {
265 ctx
->pctx
->operation
= EVP_PKEY_OP_SIGN
;
266 ctx
->update
= update
;
267 } else if (EVP_PKEY_sign_init(ctx
->pctx
) <= 0) {
271 if (EVP_PKEY_CTX_set_signature_md(ctx
->pctx
, type
) <= 0)
275 if (ctx
->pctx
->pmeth
->flags
& EVP_PKEY_FLAG_SIGCTX_CUSTOM
)
277 if (!EVP_DigestInit_ex(ctx
, type
, e
))
280 * This indicates the current algorithm requires
281 * special treatment before hashing the tbs-message.
283 ctx
->pctx
->flag_call_digest_custom
= 0;
284 if (ctx
->pctx
->pmeth
->digest_custom
!= NULL
)
285 ctx
->pctx
->flag_call_digest_custom
= 1;
292 ret
= evp_pkey_ctx_use_cached_data(locpctx
);
295 return ret
> 0 ? 1 : 0;
298 int EVP_DigestSignInit_ex(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
299 const char *mdname
, OSSL_LIB_CTX
*libctx
,
300 const char *props
, EVP_PKEY
*pkey
,
303 return do_sigver_init(ctx
, pctx
, NULL
, mdname
, libctx
, props
, NULL
, pkey
, 0,
307 int EVP_DigestSignInit(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
308 const EVP_MD
*type
, ENGINE
*e
, EVP_PKEY
*pkey
)
310 return do_sigver_init(ctx
, pctx
, type
, NULL
, NULL
, NULL
, e
, pkey
, 0,
314 int EVP_DigestVerifyInit_ex(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
315 const char *mdname
, OSSL_LIB_CTX
*libctx
,
316 const char *props
, EVP_PKEY
*pkey
,
319 return do_sigver_init(ctx
, pctx
, NULL
, mdname
, libctx
, props
, NULL
, pkey
, 1,
323 int EVP_DigestVerifyInit(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
324 const EVP_MD
*type
, ENGINE
*e
, EVP_PKEY
*pkey
)
326 return do_sigver_init(ctx
, pctx
, type
, NULL
, NULL
, NULL
, e
, pkey
, 1,
329 #endif /* FIPS_MDOE */
331 int EVP_DigestSignUpdate(EVP_MD_CTX
*ctx
, const void *data
, size_t dsize
)
333 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
336 || pctx
->operation
!= EVP_PKEY_OP_SIGNCTX
337 || pctx
->op
.sig
.algctx
== NULL
338 || pctx
->op
.sig
.signature
== NULL
)
341 if (pctx
->op
.sig
.signature
->digest_sign_update
== NULL
) {
342 ERR_raise(ERR_LIB_EVP
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
346 return pctx
->op
.sig
.signature
->digest_sign_update(pctx
->op
.sig
.algctx
,
351 /* do_sigver_init() checked that |digest_custom| is non-NULL */
352 if (pctx
->flag_call_digest_custom
353 && !ctx
->pctx
->pmeth
->digest_custom(ctx
->pctx
, ctx
))
355 pctx
->flag_call_digest_custom
= 0;
358 return EVP_DigestUpdate(ctx
, data
, dsize
);
361 int EVP_DigestVerifyUpdate(EVP_MD_CTX
*ctx
, const void *data
, size_t dsize
)
363 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
366 || pctx
->operation
!= EVP_PKEY_OP_VERIFYCTX
367 || pctx
->op
.sig
.algctx
== NULL
368 || pctx
->op
.sig
.signature
== NULL
)
371 if (pctx
->op
.sig
.signature
->digest_verify_update
== NULL
) {
372 ERR_raise(ERR_LIB_EVP
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
376 return pctx
->op
.sig
.signature
->digest_verify_update(pctx
->op
.sig
.algctx
,
381 /* do_sigver_init() checked that |digest_custom| is non-NULL */
382 if (pctx
->flag_call_digest_custom
383 && !ctx
->pctx
->pmeth
->digest_custom(ctx
->pctx
, ctx
))
385 pctx
->flag_call_digest_custom
= 0;
388 return EVP_DigestUpdate(ctx
, data
, dsize
);
392 int EVP_DigestSignFinal(EVP_MD_CTX
*ctx
, unsigned char *sigret
,
396 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
399 || pctx
->operation
!= EVP_PKEY_OP_SIGNCTX
400 || pctx
->op
.sig
.algctx
== NULL
401 || pctx
->op
.sig
.signature
== NULL
)
404 return pctx
->op
.sig
.signature
->digest_sign_final(pctx
->op
.sig
.algctx
,
405 sigret
, siglen
, SIZE_MAX
);
408 if (pctx
== NULL
|| pctx
->pmeth
== NULL
) {
409 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
413 /* do_sigver_init() checked that |digest_custom| is non-NULL */
414 if (pctx
->flag_call_digest_custom
415 && !ctx
->pctx
->pmeth
->digest_custom(ctx
->pctx
, ctx
))
417 pctx
->flag_call_digest_custom
= 0;
419 if (pctx
->pmeth
->flags
& EVP_PKEY_FLAG_SIGCTX_CUSTOM
) {
421 return pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
);
422 if (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
)
423 r
= pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
);
425 EVP_PKEY_CTX
*dctx
= EVP_PKEY_CTX_dup(pctx
);
429 r
= dctx
->pmeth
->signctx(dctx
, sigret
, siglen
, ctx
);
430 EVP_PKEY_CTX_free(dctx
);
434 if (pctx
->pmeth
->signctx
!= NULL
)
438 if (sigret
!= NULL
) {
439 unsigned char md
[EVP_MAX_MD_SIZE
];
440 unsigned int mdlen
= 0;
442 if (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
) {
444 r
= pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
);
446 r
= EVP_DigestFinal_ex(ctx
, md
, &mdlen
);
448 EVP_MD_CTX
*tmp_ctx
= EVP_MD_CTX_new();
452 if (!EVP_MD_CTX_copy_ex(tmp_ctx
, ctx
)) {
453 EVP_MD_CTX_free(tmp_ctx
);
457 r
= tmp_ctx
->pctx
->pmeth
->signctx(tmp_ctx
->pctx
,
458 sigret
, siglen
, tmp_ctx
);
460 r
= EVP_DigestFinal_ex(tmp_ctx
, md
, &mdlen
);
461 EVP_MD_CTX_free(tmp_ctx
);
465 if (EVP_PKEY_sign(pctx
, sigret
, siglen
, md
, mdlen
) <= 0)
469 if (pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
) <= 0)
472 int s
= EVP_MD_get_size(ctx
->digest
);
474 if (s
< 0 || EVP_PKEY_sign(pctx
, sigret
, siglen
, NULL
, s
) <= 0)
481 int EVP_DigestSign(EVP_MD_CTX
*ctx
, unsigned char *sigret
, size_t *siglen
,
482 const unsigned char *tbs
, size_t tbslen
)
484 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
487 && pctx
->operation
== EVP_PKEY_OP_SIGNCTX
488 && pctx
->op
.sig
.algctx
!= NULL
489 && pctx
->op
.sig
.signature
!= NULL
) {
490 if (pctx
->op
.sig
.signature
->digest_sign
!= NULL
)
491 return pctx
->op
.sig
.signature
->digest_sign(pctx
->op
.sig
.algctx
,
492 sigret
, siglen
, SIZE_MAX
,
496 if (ctx
->pctx
->pmeth
!= NULL
&& ctx
->pctx
->pmeth
->digestsign
!= NULL
)
497 return ctx
->pctx
->pmeth
->digestsign(ctx
, sigret
, siglen
, tbs
, tbslen
);
500 if (sigret
!= NULL
&& EVP_DigestSignUpdate(ctx
, tbs
, tbslen
) <= 0)
502 return EVP_DigestSignFinal(ctx
, sigret
, siglen
);
505 int EVP_DigestVerifyFinal(EVP_MD_CTX
*ctx
, const unsigned char *sig
,
508 unsigned char md
[EVP_MAX_MD_SIZE
];
510 unsigned int mdlen
= 0;
512 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
515 || pctx
->operation
!= EVP_PKEY_OP_VERIFYCTX
516 || pctx
->op
.sig
.algctx
== NULL
517 || pctx
->op
.sig
.signature
== NULL
)
520 return pctx
->op
.sig
.signature
->digest_verify_final(pctx
->op
.sig
.algctx
,
524 if (pctx
== NULL
|| pctx
->pmeth
== NULL
) {
525 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
529 /* do_sigver_init() checked that |digest_custom| is non-NULL */
530 if (pctx
->flag_call_digest_custom
531 && !ctx
->pctx
->pmeth
->digest_custom(ctx
->pctx
, ctx
))
533 pctx
->flag_call_digest_custom
= 0;
535 if (pctx
->pmeth
->verifyctx
!= NULL
)
539 if (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
) {
541 r
= pctx
->pmeth
->verifyctx(pctx
, sig
, siglen
, ctx
);
543 r
= EVP_DigestFinal_ex(ctx
, md
, &mdlen
);
545 EVP_MD_CTX
*tmp_ctx
= EVP_MD_CTX_new();
548 if (!EVP_MD_CTX_copy_ex(tmp_ctx
, ctx
)) {
549 EVP_MD_CTX_free(tmp_ctx
);
553 r
= tmp_ctx
->pctx
->pmeth
->verifyctx(tmp_ctx
->pctx
,
554 sig
, siglen
, tmp_ctx
);
556 r
= EVP_DigestFinal_ex(tmp_ctx
, md
, &mdlen
);
557 EVP_MD_CTX_free(tmp_ctx
);
561 return EVP_PKEY_verify(pctx
, sig
, siglen
, md
, mdlen
);
564 int EVP_DigestVerify(EVP_MD_CTX
*ctx
, const unsigned char *sigret
,
565 size_t siglen
, const unsigned char *tbs
, size_t tbslen
)
567 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
570 && pctx
->operation
== EVP_PKEY_OP_VERIFYCTX
571 && pctx
->op
.sig
.algctx
!= NULL
572 && pctx
->op
.sig
.signature
!= NULL
) {
573 if (pctx
->op
.sig
.signature
->digest_verify
!= NULL
)
574 return pctx
->op
.sig
.signature
->digest_verify(pctx
->op
.sig
.algctx
,
579 if (ctx
->pctx
->pmeth
!= NULL
&& ctx
->pctx
->pmeth
->digestverify
!= NULL
)
580 return ctx
->pctx
->pmeth
->digestverify(ctx
, sigret
, siglen
, tbs
, tbslen
);
583 if (EVP_DigestVerifyUpdate(ctx
, tbs
, tbslen
) <= 0)
585 return EVP_DigestVerifyFinal(ctx
, sigret
, siglen
);
587 #endif /* FIPS_MODULE */