2 * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "internal/cryptlib.h"
12 #include <openssl/evp.h>
13 #include <openssl/objects.h>
14 #include <openssl/x509.h>
15 #include "crypto/evp.h"
16 #include "internal/provider.h"
17 #include "evp_local.h"
21 static int update(EVP_MD_CTX
*ctx
, const void *data
, size_t datalen
)
23 EVPerr(EVP_F_UPDATE
, EVP_R_ONLY_ONESHOT_SUPPORTED
);
28 * If we get the "NULL" md then the name comes back as "UNDEF". We want to use
31 static const char *canon_mdname(const char *mdname
)
33 if (mdname
!= NULL
&& strcmp(mdname
, "UNDEF") == 0)
39 static int do_sigver_init(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
40 const EVP_MD
*type
, const char *mdname
,
41 OPENSSL_CTX
*libctx
, const char *props
,
42 ENGINE
*e
, EVP_PKEY
*pkey
, int ver
)
44 EVP_PKEY_CTX
*locpctx
= NULL
;
45 EVP_SIGNATURE
*signature
= NULL
;
46 EVP_KEYMGMT
*tmp_keymgmt
= NULL
;
47 const char *supported_sig
= NULL
;
48 char locmdname
[80] = ""; /* 80 chars should be enough */
52 if (ctx
->provctx
!= NULL
) {
53 if (!ossl_assert(ctx
->digest
!= NULL
)) {
54 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
57 if (ctx
->digest
->freectx
!= NULL
)
58 ctx
->digest
->freectx(ctx
->provctx
);
62 if (ctx
->pctx
== NULL
) {
64 ctx
->pctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, pkey
, props
);
66 ctx
->pctx
= EVP_PKEY_CTX_new(pkey
, e
);
68 if (ctx
->pctx
== NULL
)
72 evp_pkey_ctx_free_old_ops(locpctx
);
75 props
= locpctx
->propquery
;
78 * TODO when we stop falling back to legacy, this and the ERR_pop_to_mark()
79 * calls can be removed.
83 if (locpctx
->engine
!= NULL
|| locpctx
->keytype
== NULL
)
87 * Ensure that the key is provided, either natively, or as a cached export.
89 tmp_keymgmt
= locpctx
->keymgmt
;
90 provkey
= evp_pkey_export_to_provider(locpctx
->pkey
, locpctx
->libctx
,
91 &tmp_keymgmt
, locpctx
->propquery
);
92 if (provkey
== NULL
) {
94 * If we couldn't find a keymgmt at all try legacy.
95 * TODO(3.0): Once all legacy algorithms (SM2, HMAC etc) have provider
96 * based implementations this fallback shouldn't be necessary. Either
97 * we have an ENGINE based implementation (in which case we should have
98 * already fallen back in the test above here), or we don't have the
99 * provider based implementation loaded (in which case this is an
100 * application config error)
102 if (locpctx
->keymgmt
== NULL
)
104 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
107 if (!EVP_KEYMGMT_up_ref(tmp_keymgmt
)) {
108 ERR_clear_last_mark();
109 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
112 EVP_KEYMGMT_free(locpctx
->keymgmt
);
113 locpctx
->keymgmt
= tmp_keymgmt
;
115 if (locpctx
->keymgmt
->query_operation_name
!= NULL
)
117 locpctx
->keymgmt
->query_operation_name(OSSL_OP_SIGNATURE
);
120 * If we didn't get a supported sig, assume there is one with the
121 * same name as the key type.
123 if (supported_sig
== NULL
)
124 supported_sig
= locpctx
->keytype
;
127 * Because we cleared out old ops, we shouldn't need to worry about
128 * checking if signature is already there.
130 signature
= EVP_SIGNATURE_fetch(locpctx
->libctx
, supported_sig
,
133 if (signature
== NULL
134 || (EVP_KEYMGMT_provider(locpctx
->keymgmt
)
135 != EVP_SIGNATURE_provider(signature
))) {
137 * We don't need to free ctx->keymgmt here, as it's not necessarily
138 * tied to this operation. It will be freed by EVP_PKEY_CTX_free().
140 EVP_SIGNATURE_free(signature
);
145 * TODO remove this when legacy is gone
146 * If we don't have the full support we need with provided methods,
147 * let's go see if legacy does.
151 /* No more legacy from here down to legacy: */
156 locpctx
->op
.sig
.signature
= signature
;
157 locpctx
->operation
= ver
? EVP_PKEY_OP_VERIFYCTX
158 : EVP_PKEY_OP_SIGNCTX
;
159 locpctx
->op
.sig
.sigprovctx
160 = signature
->newctx(ossl_provider_ctx(signature
->prov
), props
);
161 if (locpctx
->op
.sig
.sigprovctx
== NULL
) {
162 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
166 ctx
->reqdigest
= type
;
168 mdname
= canon_mdname(EVP_MD_name(type
));
170 if (mdname
== NULL
) {
171 if (evp_keymgmt_util_get_deflt_digest_name(tmp_keymgmt
, provkey
,
173 sizeof(locmdname
)) > 0) {
174 mdname
= canon_mdname(locmdname
);
178 if (mdname
!= NULL
) {
180 * This might be requested by a later call to EVP_MD_CTX_md().
181 * In that case the "explicit fetch" rules apply for that
182 * function (as per man pages), i.e. the ref count is not updated
183 * so the EVP_MD should not be used beyound the lifetime of the
186 ctx
->digest
= ctx
->reqdigest
= ctx
->fetched_digest
=
187 EVP_MD_fetch(locpctx
->libctx
, mdname
, props
);
192 if (signature
->digest_verify_init
== NULL
) {
193 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
196 ret
= signature
->digest_verify_init(locpctx
->op
.sig
.sigprovctx
,
199 if (signature
->digest_sign_init
== NULL
) {
200 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
203 ret
= signature
->digest_sign_init(locpctx
->op
.sig
.sigprovctx
,
209 evp_pkey_ctx_free_old_ops(locpctx
);
210 locpctx
->operation
= EVP_PKEY_OP_UNDEFINED
;
215 * TODO remove this when legacy is gone
216 * If we don't have the full support we need with provided methods,
217 * let's go see if legacy does.
221 if (type
== NULL
&& mdname
!= NULL
)
222 type
= evp_get_digestbyname_ex(locpctx
->libctx
, mdname
);
224 if (ctx
->pctx
->pmeth
== NULL
) {
225 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
229 if (!(ctx
->pctx
->pmeth
->flags
& EVP_PKEY_FLAG_SIGCTX_CUSTOM
)) {
233 if (EVP_PKEY_get_default_digest_nid(pkey
, &def_nid
) > 0)
234 type
= EVP_get_digestbynid(def_nid
);
238 EVPerr(EVP_F_DO_SIGVER_INIT
, EVP_R_NO_DEFAULT_DIGEST
);
244 if (ctx
->pctx
->pmeth
->verifyctx_init
) {
245 if (ctx
->pctx
->pmeth
->verifyctx_init(ctx
->pctx
, ctx
) <= 0)
247 ctx
->pctx
->operation
= EVP_PKEY_OP_VERIFYCTX
;
248 } else if (ctx
->pctx
->pmeth
->digestverify
!= 0) {
249 ctx
->pctx
->operation
= EVP_PKEY_OP_VERIFY
;
250 ctx
->update
= update
;
251 } else if (EVP_PKEY_verify_init(ctx
->pctx
) <= 0) {
255 if (ctx
->pctx
->pmeth
->signctx_init
) {
256 if (ctx
->pctx
->pmeth
->signctx_init(ctx
->pctx
, ctx
) <= 0)
258 ctx
->pctx
->operation
= EVP_PKEY_OP_SIGNCTX
;
259 } else if (ctx
->pctx
->pmeth
->digestsign
!= 0) {
260 ctx
->pctx
->operation
= EVP_PKEY_OP_SIGN
;
261 ctx
->update
= update
;
262 } else if (EVP_PKEY_sign_init(ctx
->pctx
) <= 0) {
266 if (EVP_PKEY_CTX_set_signature_md(ctx
->pctx
, type
) <= 0)
270 if (ctx
->pctx
->pmeth
->flags
& EVP_PKEY_FLAG_SIGCTX_CUSTOM
)
272 if (!EVP_DigestInit_ex(ctx
, type
, e
))
275 * This indicates the current algorithm requires
276 * special treatment before hashing the tbs-message.
278 ctx
->pctx
->flag_call_digest_custom
= 0;
279 if (ctx
->pctx
->pmeth
->digest_custom
!= NULL
)
280 ctx
->pctx
->flag_call_digest_custom
= 1;
285 int EVP_DigestSignInit_with_libctx(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
287 OPENSSL_CTX
*libctx
, const char *props
,
290 return do_sigver_init(ctx
, pctx
, NULL
, mdname
, libctx
, props
, NULL
, pkey
, 0);
293 int EVP_DigestSignInit(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
294 const EVP_MD
*type
, ENGINE
*e
, EVP_PKEY
*pkey
)
296 return do_sigver_init(ctx
, pctx
, type
, NULL
, NULL
, NULL
, e
, pkey
, 0);
299 int EVP_DigestVerifyInit_with_libctx(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
301 OPENSSL_CTX
*libctx
, const char *props
,
304 return do_sigver_init(ctx
, pctx
, NULL
, mdname
, libctx
, props
, NULL
, pkey
, 1);
307 int EVP_DigestVerifyInit(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
308 const EVP_MD
*type
, ENGINE
*e
, EVP_PKEY
*pkey
)
310 return do_sigver_init(ctx
, pctx
, type
, NULL
, NULL
, NULL
, e
, pkey
, 1);
312 #endif /* FIPS_MDOE */
314 int EVP_DigestSignUpdate(EVP_MD_CTX
*ctx
, const void *data
, size_t dsize
)
316 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
319 || pctx
->operation
!= EVP_PKEY_OP_SIGNCTX
320 || pctx
->op
.sig
.sigprovctx
== NULL
321 || pctx
->op
.sig
.signature
== NULL
)
324 if (pctx
->op
.sig
.signature
->digest_sign_update
== NULL
) {
325 ERR_raise(ERR_LIB_EVP
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
329 return pctx
->op
.sig
.signature
->digest_sign_update(pctx
->op
.sig
.sigprovctx
,
334 /* do_sigver_init() checked that |digest_custom| is non-NULL */
335 if (pctx
->flag_call_digest_custom
336 && !ctx
->pctx
->pmeth
->digest_custom(ctx
->pctx
, ctx
))
338 pctx
->flag_call_digest_custom
= 0;
341 return EVP_DigestUpdate(ctx
, data
, dsize
);
344 int EVP_DigestVerifyUpdate(EVP_MD_CTX
*ctx
, const void *data
, size_t dsize
)
346 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
349 || pctx
->operation
!= EVP_PKEY_OP_VERIFYCTX
350 || pctx
->op
.sig
.sigprovctx
== NULL
351 || pctx
->op
.sig
.signature
== NULL
)
354 if (pctx
->op
.sig
.signature
->digest_verify_update
== NULL
) {
355 ERR_raise(ERR_LIB_EVP
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
359 return pctx
->op
.sig
.signature
->digest_verify_update(pctx
->op
.sig
.sigprovctx
,
364 /* do_sigver_init() checked that |digest_custom| is non-NULL */
365 if (pctx
->flag_call_digest_custom
366 && !ctx
->pctx
->pmeth
->digest_custom(ctx
->pctx
, ctx
))
368 pctx
->flag_call_digest_custom
= 0;
371 return EVP_DigestUpdate(ctx
, data
, dsize
);
375 int EVP_DigestSignFinal(EVP_MD_CTX
*ctx
, unsigned char *sigret
,
379 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
382 || pctx
->operation
!= EVP_PKEY_OP_SIGNCTX
383 || pctx
->op
.sig
.sigprovctx
== NULL
384 || pctx
->op
.sig
.signature
== NULL
)
387 return pctx
->op
.sig
.signature
->digest_sign_final(pctx
->op
.sig
.sigprovctx
,
388 sigret
, siglen
, SIZE_MAX
);
391 if (pctx
== NULL
|| pctx
->pmeth
== NULL
) {
392 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
396 /* do_sigver_init() checked that |digest_custom| is non-NULL */
397 if (pctx
->flag_call_digest_custom
398 && !ctx
->pctx
->pmeth
->digest_custom(ctx
->pctx
, ctx
))
400 pctx
->flag_call_digest_custom
= 0;
402 if (pctx
->pmeth
->flags
& EVP_PKEY_FLAG_SIGCTX_CUSTOM
) {
404 return pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
);
405 if (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
)
406 r
= pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
);
408 EVP_PKEY_CTX
*dctx
= EVP_PKEY_CTX_dup(pctx
);
412 r
= dctx
->pmeth
->signctx(dctx
, sigret
, siglen
, ctx
);
413 EVP_PKEY_CTX_free(dctx
);
417 if (pctx
->pmeth
->signctx
!= NULL
)
421 if (sigret
!= NULL
) {
422 unsigned char md
[EVP_MAX_MD_SIZE
];
423 unsigned int mdlen
= 0;
425 if (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
) {
427 r
= pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
);
429 r
= EVP_DigestFinal_ex(ctx
, md
, &mdlen
);
431 EVP_MD_CTX
*tmp_ctx
= EVP_MD_CTX_new();
435 if (!EVP_MD_CTX_copy_ex(tmp_ctx
, ctx
)) {
436 EVP_MD_CTX_free(tmp_ctx
);
440 r
= tmp_ctx
->pctx
->pmeth
->signctx(tmp_ctx
->pctx
,
441 sigret
, siglen
, tmp_ctx
);
443 r
= EVP_DigestFinal_ex(tmp_ctx
, md
, &mdlen
);
444 EVP_MD_CTX_free(tmp_ctx
);
448 if (EVP_PKEY_sign(pctx
, sigret
, siglen
, md
, mdlen
) <= 0)
452 if (pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
) <= 0)
455 int s
= EVP_MD_size(ctx
->digest
);
457 if (s
< 0 || EVP_PKEY_sign(pctx
, sigret
, siglen
, NULL
, s
) <= 0)
464 int EVP_DigestSign(EVP_MD_CTX
*ctx
, unsigned char *sigret
, size_t *siglen
,
465 const unsigned char *tbs
, size_t tbslen
)
467 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
470 && pctx
->operation
== EVP_PKEY_OP_SIGNCTX
471 && pctx
->op
.sig
.sigprovctx
!= NULL
472 && pctx
->op
.sig
.signature
!= NULL
) {
473 if (pctx
->op
.sig
.signature
->digest_sign
!= NULL
)
474 return pctx
->op
.sig
.signature
->digest_sign(pctx
->op
.sig
.sigprovctx
,
475 sigret
, siglen
, SIZE_MAX
,
479 if (ctx
->pctx
->pmeth
!= NULL
&& ctx
->pctx
->pmeth
->digestsign
!= NULL
)
480 return ctx
->pctx
->pmeth
->digestsign(ctx
, sigret
, siglen
, tbs
, tbslen
);
483 if (sigret
!= NULL
&& EVP_DigestSignUpdate(ctx
, tbs
, tbslen
) <= 0)
485 return EVP_DigestSignFinal(ctx
, sigret
, siglen
);
488 int EVP_DigestVerifyFinal(EVP_MD_CTX
*ctx
, const unsigned char *sig
,
491 unsigned char md
[EVP_MAX_MD_SIZE
];
493 unsigned int mdlen
= 0;
495 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
498 || pctx
->operation
!= EVP_PKEY_OP_VERIFYCTX
499 || pctx
->op
.sig
.sigprovctx
== NULL
500 || pctx
->op
.sig
.signature
== NULL
)
503 return pctx
->op
.sig
.signature
->digest_verify_final(pctx
->op
.sig
.sigprovctx
,
507 if (pctx
== NULL
|| pctx
->pmeth
== NULL
) {
508 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
512 /* do_sigver_init() checked that |digest_custom| is non-NULL */
513 if (pctx
->flag_call_digest_custom
514 && !ctx
->pctx
->pmeth
->digest_custom(ctx
->pctx
, ctx
))
516 pctx
->flag_call_digest_custom
= 0;
518 if (pctx
->pmeth
->verifyctx
!= NULL
)
522 if (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
) {
524 r
= pctx
->pmeth
->verifyctx(pctx
, sig
, siglen
, ctx
);
526 r
= EVP_DigestFinal_ex(ctx
, md
, &mdlen
);
528 EVP_MD_CTX
*tmp_ctx
= EVP_MD_CTX_new();
531 if (!EVP_MD_CTX_copy_ex(tmp_ctx
, ctx
)) {
532 EVP_MD_CTX_free(tmp_ctx
);
536 r
= tmp_ctx
->pctx
->pmeth
->verifyctx(tmp_ctx
->pctx
,
537 sig
, siglen
, tmp_ctx
);
539 r
= EVP_DigestFinal_ex(tmp_ctx
, md
, &mdlen
);
540 EVP_MD_CTX_free(tmp_ctx
);
544 return EVP_PKEY_verify(pctx
, sig
, siglen
, md
, mdlen
);
547 int EVP_DigestVerify(EVP_MD_CTX
*ctx
, const unsigned char *sigret
,
548 size_t siglen
, const unsigned char *tbs
, size_t tbslen
)
550 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
553 && pctx
->operation
== EVP_PKEY_OP_VERIFYCTX
554 && pctx
->op
.sig
.sigprovctx
!= NULL
555 && pctx
->op
.sig
.signature
!= NULL
) {
556 if (pctx
->op
.sig
.signature
->digest_verify
!= NULL
)
557 return pctx
->op
.sig
.signature
->digest_verify(pctx
->op
.sig
.sigprovctx
,
562 if (ctx
->pctx
->pmeth
!= NULL
&& ctx
->pctx
->pmeth
->digestverify
!= NULL
)
563 return ctx
->pctx
->pmeth
->digestverify(ctx
, sigret
, siglen
, tbs
, tbslen
);
566 if (EVP_DigestVerifyUpdate(ctx
, tbs
, tbslen
) <= 0)
568 return EVP_DigestVerifyFinal(ctx
, sigret
, siglen
);
570 #endif /* FIPS_MODULE */