2 * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "internal/cryptlib.h"
12 #include <openssl/evp.h>
13 #include <openssl/objects.h>
14 #include "crypto/evp.h"
15 #include "internal/provider.h"
16 #include "internal/numbers.h" /* includes SIZE_MAX */
17 #include "evp_local.h"
21 static int update(EVP_MD_CTX
*ctx
, const void *data
, size_t datalen
)
23 ERR_raise(ERR_LIB_EVP
, EVP_R_ONLY_ONESHOT_SUPPORTED
);
28 * If we get the "NULL" md then the name comes back as "UNDEF". We want to use
31 static const char *canon_mdname(const char *mdname
)
33 if (mdname
!= NULL
&& strcmp(mdname
, "UNDEF") == 0)
39 static int do_sigver_init(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
40 const EVP_MD
*type
, const char *mdname
,
41 OSSL_LIB_CTX
*libctx
, const char *props
,
42 ENGINE
*e
, EVP_PKEY
*pkey
, int ver
,
43 const OSSL_PARAM params
[])
45 EVP_PKEY_CTX
*locpctx
= NULL
;
46 EVP_SIGNATURE
*signature
= NULL
;
47 EVP_KEYMGMT
*tmp_keymgmt
= NULL
;
48 const char *supported_sig
= NULL
;
49 char locmdname
[80] = ""; /* 80 chars should be enough */
53 if (ctx
->algctx
!= NULL
) {
54 if (!ossl_assert(ctx
->digest
!= NULL
)) {
55 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
58 if (ctx
->digest
->freectx
!= NULL
)
59 ctx
->digest
->freectx(ctx
->algctx
);
63 if (ctx
->pctx
== NULL
) {
65 ctx
->pctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, pkey
, props
);
67 ctx
->pctx
= EVP_PKEY_CTX_new(pkey
, e
);
69 if (ctx
->pctx
== NULL
)
73 evp_pkey_ctx_free_old_ops(locpctx
);
76 props
= locpctx
->propquery
;
80 if (evp_pkey_ctx_is_legacy(locpctx
))
84 * Try to derive the supported signature from |locpctx->keymgmt|.
86 if (!ossl_assert(locpctx
->pkey
->keymgmt
== NULL
87 || locpctx
->pkey
->keymgmt
== locpctx
->keymgmt
)) {
88 ERR_clear_last_mark();
89 ERR_raise(ERR_LIB_EVP
, ERR_R_INTERNAL_ERROR
);
92 supported_sig
= evp_keymgmt_util_query_operation_name(locpctx
->keymgmt
,
94 if (supported_sig
== NULL
) {
95 ERR_clear_last_mark();
96 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
101 * Because we cleared out old ops, we shouldn't need to worry about
102 * checking if signature is already there.
104 signature
= EVP_SIGNATURE_fetch(locpctx
->libctx
, supported_sig
,
107 if (signature
== NULL
)
111 * Ensure that the key is provided, either natively, or as a cached export.
112 * We start by fetching the keymgmt with the same name as |locpctx->pkey|,
113 * but from the provider of the signature method, using the same property
114 * query as when fetching the signature method.
115 * With the keymgmt we found (if we did), we try to export |locpctx->pkey|
116 * to it (evp_pkey_export_to_provider() is smart enough to only actually
118 * export it if |tmp_keymgmt| is different from |locpctx->pkey|'s keymgmt)
121 = evp_keymgmt_fetch_from_prov(EVP_SIGNATURE_get0_provider(signature
),
122 EVP_KEYMGMT_get0_name(locpctx
->keymgmt
),
124 if (tmp_keymgmt
!= NULL
)
125 provkey
= evp_pkey_export_to_provider(locpctx
->pkey
, locpctx
->libctx
,
126 &tmp_keymgmt
, locpctx
->propquery
);
127 if (provkey
== NULL
) {
128 ERR_clear_last_mark();
129 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
135 /* No more legacy from here down to legacy: */
140 locpctx
->op
.sig
.signature
= signature
;
141 locpctx
->operation
= ver
? EVP_PKEY_OP_VERIFYCTX
142 : EVP_PKEY_OP_SIGNCTX
;
143 locpctx
->op
.sig
.algctx
144 = signature
->newctx(ossl_provider_ctx(signature
->prov
), props
);
145 if (locpctx
->op
.sig
.algctx
== NULL
) {
146 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
150 ctx
->reqdigest
= type
;
152 mdname
= canon_mdname(EVP_MD_get0_name(type
));
154 if (mdname
== NULL
) {
155 if (evp_keymgmt_util_get_deflt_digest_name(tmp_keymgmt
, provkey
,
157 sizeof(locmdname
)) > 0) {
158 mdname
= canon_mdname(locmdname
);
162 if (mdname
!= NULL
) {
164 * We're about to get a new digest so clear anything associated with
167 evp_md_ctx_clear_digest(ctx
, 1);
169 /* legacy code support for engines */
172 * This might be requested by a later call to EVP_MD_CTX_get0_md().
173 * In that case the "explicit fetch" rules apply for that
174 * function (as per man pages), i.e. the ref count is not updated
175 * so the EVP_MD should not be used beyound the lifetime of the
178 ctx
->fetched_digest
= EVP_MD_fetch(locpctx
->libctx
, mdname
, props
);
179 if (ctx
->fetched_digest
!= NULL
) {
180 ctx
->digest
= ctx
->reqdigest
= ctx
->fetched_digest
;
182 /* legacy engine support : remove the mark when this is deleted */
183 ctx
->reqdigest
= ctx
->digest
= EVP_get_digestbyname(mdname
);
184 if (ctx
->digest
== NULL
) {
185 (void)ERR_clear_last_mark();
186 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
190 (void)ERR_pop_to_mark();
195 if (signature
->digest_verify_init
== NULL
) {
196 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
199 ret
= signature
->digest_verify_init(locpctx
->op
.sig
.algctx
,
200 mdname
, provkey
, params
);
202 if (signature
->digest_sign_init
== NULL
) {
203 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
206 ret
= signature
->digest_sign_init(locpctx
->op
.sig
.algctx
,
207 mdname
, provkey
, params
);
211 * If the operation was not a success and no digest was found, an error
212 * needs to be raised.
214 if (ret
> 0 || mdname
!= NULL
)
216 if (type
== NULL
) /* This check is redundant but clarifies matters */
217 ERR_raise(ERR_LIB_EVP
, EVP_R_NO_DEFAULT_DIGEST
);
220 evp_pkey_ctx_free_old_ops(locpctx
);
221 locpctx
->operation
= EVP_PKEY_OP_UNDEFINED
;
222 EVP_KEYMGMT_free(tmp_keymgmt
);
227 * If we don't have the full support we need with provided methods,
228 * let's go see if legacy does.
231 EVP_KEYMGMT_free(tmp_keymgmt
);
234 if (type
== NULL
&& mdname
!= NULL
)
235 type
= evp_get_digestbyname_ex(locpctx
->libctx
, mdname
);
237 if (ctx
->pctx
->pmeth
== NULL
) {
238 ERR_raise(ERR_LIB_EVP
, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
242 if (!(ctx
->pctx
->pmeth
->flags
& EVP_PKEY_FLAG_SIGCTX_CUSTOM
)) {
246 if (EVP_PKEY_get_default_digest_nid(pkey
, &def_nid
) > 0)
247 type
= EVP_get_digestbynid(def_nid
);
251 ERR_raise(ERR_LIB_EVP
, EVP_R_NO_DEFAULT_DIGEST
);
257 if (ctx
->pctx
->pmeth
->verifyctx_init
) {
258 if (ctx
->pctx
->pmeth
->verifyctx_init(ctx
->pctx
, ctx
) <= 0)
260 ctx
->pctx
->operation
= EVP_PKEY_OP_VERIFYCTX
;
261 } else if (ctx
->pctx
->pmeth
->digestverify
!= 0) {
262 ctx
->pctx
->operation
= EVP_PKEY_OP_VERIFY
;
263 ctx
->update
= update
;
264 } else if (EVP_PKEY_verify_init(ctx
->pctx
) <= 0) {
268 if (ctx
->pctx
->pmeth
->signctx_init
) {
269 if (ctx
->pctx
->pmeth
->signctx_init(ctx
->pctx
, ctx
) <= 0)
271 ctx
->pctx
->operation
= EVP_PKEY_OP_SIGNCTX
;
272 } else if (ctx
->pctx
->pmeth
->digestsign
!= 0) {
273 ctx
->pctx
->operation
= EVP_PKEY_OP_SIGN
;
274 ctx
->update
= update
;
275 } else if (EVP_PKEY_sign_init(ctx
->pctx
) <= 0) {
279 if (EVP_PKEY_CTX_set_signature_md(ctx
->pctx
, type
) <= 0)
283 if (ctx
->pctx
->pmeth
->flags
& EVP_PKEY_FLAG_SIGCTX_CUSTOM
)
285 if (!EVP_DigestInit_ex(ctx
, type
, e
))
288 * This indicates the current algorithm requires
289 * special treatment before hashing the tbs-message.
291 ctx
->pctx
->flag_call_digest_custom
= 0;
292 if (ctx
->pctx
->pmeth
->digest_custom
!= NULL
)
293 ctx
->pctx
->flag_call_digest_custom
= 1;
300 ret
= evp_pkey_ctx_use_cached_data(locpctx
);
303 EVP_KEYMGMT_free(tmp_keymgmt
);
304 return ret
> 0 ? 1 : 0;
307 int EVP_DigestSignInit_ex(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
308 const char *mdname
, OSSL_LIB_CTX
*libctx
,
309 const char *props
, EVP_PKEY
*pkey
,
310 const OSSL_PARAM params
[])
312 return do_sigver_init(ctx
, pctx
, NULL
, mdname
, libctx
, props
, NULL
, pkey
, 0,
316 int EVP_DigestSignInit(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
317 const EVP_MD
*type
, ENGINE
*e
, EVP_PKEY
*pkey
)
319 return do_sigver_init(ctx
, pctx
, type
, NULL
, NULL
, NULL
, e
, pkey
, 0,
323 int EVP_DigestVerifyInit_ex(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
324 const char *mdname
, OSSL_LIB_CTX
*libctx
,
325 const char *props
, EVP_PKEY
*pkey
,
326 const OSSL_PARAM params
[])
328 return do_sigver_init(ctx
, pctx
, NULL
, mdname
, libctx
, props
, NULL
, pkey
, 1,
332 int EVP_DigestVerifyInit(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
333 const EVP_MD
*type
, ENGINE
*e
, EVP_PKEY
*pkey
)
335 return do_sigver_init(ctx
, pctx
, type
, NULL
, NULL
, NULL
, e
, pkey
, 1,
338 #endif /* FIPS_MDOE */
340 int EVP_DigestSignUpdate(EVP_MD_CTX
*ctx
, const void *data
, size_t dsize
)
342 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
345 || pctx
->operation
!= EVP_PKEY_OP_SIGNCTX
346 || pctx
->op
.sig
.algctx
== NULL
347 || pctx
->op
.sig
.signature
== NULL
)
350 if (pctx
->op
.sig
.signature
->digest_sign_update
== NULL
) {
351 ERR_raise(ERR_LIB_EVP
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
355 return pctx
->op
.sig
.signature
->digest_sign_update(pctx
->op
.sig
.algctx
,
360 /* do_sigver_init() checked that |digest_custom| is non-NULL */
361 if (pctx
->flag_call_digest_custom
362 && !ctx
->pctx
->pmeth
->digest_custom(ctx
->pctx
, ctx
))
364 pctx
->flag_call_digest_custom
= 0;
367 return EVP_DigestUpdate(ctx
, data
, dsize
);
370 int EVP_DigestVerifyUpdate(EVP_MD_CTX
*ctx
, const void *data
, size_t dsize
)
372 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
375 || pctx
->operation
!= EVP_PKEY_OP_VERIFYCTX
376 || pctx
->op
.sig
.algctx
== NULL
377 || pctx
->op
.sig
.signature
== NULL
)
380 if (pctx
->op
.sig
.signature
->digest_verify_update
== NULL
) {
381 ERR_raise(ERR_LIB_EVP
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
385 return pctx
->op
.sig
.signature
->digest_verify_update(pctx
->op
.sig
.algctx
,
390 /* do_sigver_init() checked that |digest_custom| is non-NULL */
391 if (pctx
->flag_call_digest_custom
392 && !ctx
->pctx
->pmeth
->digest_custom(ctx
->pctx
, ctx
))
394 pctx
->flag_call_digest_custom
= 0;
397 return EVP_DigestUpdate(ctx
, data
, dsize
);
401 int EVP_DigestSignFinal(EVP_MD_CTX
*ctx
, unsigned char *sigret
,
405 EVP_PKEY_CTX
*dctx
, *pctx
= ctx
->pctx
;
408 || pctx
->operation
!= EVP_PKEY_OP_SIGNCTX
409 || pctx
->op
.sig
.algctx
== NULL
410 || pctx
->op
.sig
.signature
== NULL
)
413 if (sigret
== NULL
|| (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
) != 0)
414 return pctx
->op
.sig
.signature
->digest_sign_final(pctx
->op
.sig
.algctx
,
416 (sigret
== NULL
) ? 0 : *siglen
);
417 dctx
= EVP_PKEY_CTX_dup(pctx
);
421 r
= dctx
->op
.sig
.signature
->digest_sign_final(dctx
->op
.sig
.algctx
,
423 (sigret
== NULL
) ? 0 : *siglen
);
424 EVP_PKEY_CTX_free(dctx
);
428 if (pctx
== NULL
|| pctx
->pmeth
== NULL
) {
429 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
433 /* do_sigver_init() checked that |digest_custom| is non-NULL */
434 if (pctx
->flag_call_digest_custom
435 && !ctx
->pctx
->pmeth
->digest_custom(ctx
->pctx
, ctx
))
437 pctx
->flag_call_digest_custom
= 0;
439 if (pctx
->pmeth
->flags
& EVP_PKEY_FLAG_SIGCTX_CUSTOM
) {
441 return pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
);
442 if (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
)
443 r
= pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
);
445 dctx
= EVP_PKEY_CTX_dup(pctx
);
448 r
= dctx
->pmeth
->signctx(dctx
, sigret
, siglen
, ctx
);
449 EVP_PKEY_CTX_free(dctx
);
453 if (pctx
->pmeth
->signctx
!= NULL
)
457 if (sigret
!= NULL
) {
458 unsigned char md
[EVP_MAX_MD_SIZE
];
459 unsigned int mdlen
= 0;
461 if (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
) {
463 r
= pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
);
465 r
= EVP_DigestFinal_ex(ctx
, md
, &mdlen
);
467 EVP_MD_CTX
*tmp_ctx
= EVP_MD_CTX_new();
471 if (!EVP_MD_CTX_copy_ex(tmp_ctx
, ctx
)) {
472 EVP_MD_CTX_free(tmp_ctx
);
476 r
= tmp_ctx
->pctx
->pmeth
->signctx(tmp_ctx
->pctx
,
477 sigret
, siglen
, tmp_ctx
);
479 r
= EVP_DigestFinal_ex(tmp_ctx
, md
, &mdlen
);
480 EVP_MD_CTX_free(tmp_ctx
);
484 if (EVP_PKEY_sign(pctx
, sigret
, siglen
, md
, mdlen
) <= 0)
488 if (pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
) <= 0)
491 int s
= EVP_MD_get_size(ctx
->digest
);
493 if (s
< 0 || EVP_PKEY_sign(pctx
, sigret
, siglen
, NULL
, s
) <= 0)
500 int EVP_DigestSign(EVP_MD_CTX
*ctx
, unsigned char *sigret
, size_t *siglen
,
501 const unsigned char *tbs
, size_t tbslen
)
503 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
506 && pctx
->operation
== EVP_PKEY_OP_SIGNCTX
507 && pctx
->op
.sig
.algctx
!= NULL
508 && pctx
->op
.sig
.signature
!= NULL
) {
509 if (pctx
->op
.sig
.signature
->digest_sign
!= NULL
)
510 return pctx
->op
.sig
.signature
->digest_sign(pctx
->op
.sig
.algctx
,
512 sigret
== NULL
? 0 : *siglen
,
516 if (ctx
->pctx
->pmeth
!= NULL
&& ctx
->pctx
->pmeth
->digestsign
!= NULL
)
517 return ctx
->pctx
->pmeth
->digestsign(ctx
, sigret
, siglen
, tbs
, tbslen
);
520 if (sigret
!= NULL
&& EVP_DigestSignUpdate(ctx
, tbs
, tbslen
) <= 0)
522 return EVP_DigestSignFinal(ctx
, sigret
, siglen
);
525 int EVP_DigestVerifyFinal(EVP_MD_CTX
*ctx
, const unsigned char *sig
,
528 unsigned char md
[EVP_MAX_MD_SIZE
];
530 unsigned int mdlen
= 0;
532 EVP_PKEY_CTX
*dctx
, *pctx
= ctx
->pctx
;
535 || pctx
->operation
!= EVP_PKEY_OP_VERIFYCTX
536 || pctx
->op
.sig
.algctx
== NULL
537 || pctx
->op
.sig
.signature
== NULL
)
540 if ((ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
) != 0)
541 return pctx
->op
.sig
.signature
->digest_verify_final(pctx
->op
.sig
.algctx
,
543 dctx
= EVP_PKEY_CTX_dup(pctx
);
547 r
= dctx
->op
.sig
.signature
->digest_verify_final(dctx
->op
.sig
.algctx
,
549 EVP_PKEY_CTX_free(dctx
);
553 if (pctx
== NULL
|| pctx
->pmeth
== NULL
) {
554 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
558 /* do_sigver_init() checked that |digest_custom| is non-NULL */
559 if (pctx
->flag_call_digest_custom
560 && !ctx
->pctx
->pmeth
->digest_custom(ctx
->pctx
, ctx
))
562 pctx
->flag_call_digest_custom
= 0;
564 if (pctx
->pmeth
->verifyctx
!= NULL
)
568 if (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
) {
570 r
= pctx
->pmeth
->verifyctx(pctx
, sig
, siglen
, ctx
);
572 r
= EVP_DigestFinal_ex(ctx
, md
, &mdlen
);
574 EVP_MD_CTX
*tmp_ctx
= EVP_MD_CTX_new();
577 if (!EVP_MD_CTX_copy_ex(tmp_ctx
, ctx
)) {
578 EVP_MD_CTX_free(tmp_ctx
);
582 r
= tmp_ctx
->pctx
->pmeth
->verifyctx(tmp_ctx
->pctx
,
583 sig
, siglen
, tmp_ctx
);
585 r
= EVP_DigestFinal_ex(tmp_ctx
, md
, &mdlen
);
586 EVP_MD_CTX_free(tmp_ctx
);
590 return EVP_PKEY_verify(pctx
, sig
, siglen
, md
, mdlen
);
593 int EVP_DigestVerify(EVP_MD_CTX
*ctx
, const unsigned char *sigret
,
594 size_t siglen
, const unsigned char *tbs
, size_t tbslen
)
596 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
599 && pctx
->operation
== EVP_PKEY_OP_VERIFYCTX
600 && pctx
->op
.sig
.algctx
!= NULL
601 && pctx
->op
.sig
.signature
!= NULL
) {
602 if (pctx
->op
.sig
.signature
->digest_verify
!= NULL
)
603 return pctx
->op
.sig
.signature
->digest_verify(pctx
->op
.sig
.algctx
,
608 if (ctx
->pctx
->pmeth
!= NULL
&& ctx
->pctx
->pmeth
->digestverify
!= NULL
)
609 return ctx
->pctx
->pmeth
->digestverify(ctx
, sigret
, siglen
, tbs
, tbslen
);
612 if (EVP_DigestVerifyUpdate(ctx
, tbs
, tbslen
) <= 0)
614 return EVP_DigestVerifyFinal(ctx
, sigret
, siglen
);
616 #endif /* FIPS_MODULE */