2 * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "internal/cryptlib.h"
12 #include <openssl/evp.h>
13 #include <openssl/objects.h>
14 #include <openssl/x509.h>
15 #include "crypto/evp.h"
16 #include "internal/provider.h"
17 #include "evp_local.h"
21 static int update(EVP_MD_CTX
*ctx
, const void *data
, size_t datalen
)
23 EVPerr(EVP_F_UPDATE
, EVP_R_ONLY_ONESHOT_SUPPORTED
);
28 * If we get the "NULL" md then the name comes back as "UNDEF". We want to use
31 static const char *canon_mdname(const char *mdname
)
33 if (mdname
!= NULL
&& strcmp(mdname
, "UNDEF") == 0)
39 static int do_sigver_init(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
40 const EVP_MD
*type
, const char *mdname
,
41 OPENSSL_CTX
*libctx
, const char *props
,
42 ENGINE
*e
, EVP_PKEY
*pkey
, int ver
)
44 EVP_PKEY_CTX
*locpctx
= NULL
;
45 EVP_SIGNATURE
*signature
= NULL
;
46 EVP_KEYMGMT
*tmp_keymgmt
= NULL
;
47 const char *supported_sig
= NULL
;
48 char locmdname
[80] = ""; /* 80 chars should be enough */
52 if (ctx
->provctx
!= NULL
) {
53 if (!ossl_assert(ctx
->digest
!= NULL
)) {
54 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
57 if (ctx
->digest
->freectx
!= NULL
)
58 ctx
->digest
->freectx(ctx
->provctx
);
62 if (ctx
->pctx
== NULL
) {
64 ctx
->pctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, pkey
, props
);
66 ctx
->pctx
= EVP_PKEY_CTX_new(pkey
, e
);
68 if (ctx
->pctx
== NULL
)
72 evp_pkey_ctx_free_old_ops(locpctx
);
75 props
= locpctx
->propquery
;
78 * TODO when we stop falling back to legacy, this and the ERR_pop_to_mark()
79 * calls can be removed.
83 if (evp_pkey_ctx_is_legacy(locpctx
))
87 * Ensure that the key is provided, either natively, or as a cached export.
89 tmp_keymgmt
= locpctx
->keymgmt
;
90 provkey
= evp_pkey_export_to_provider(locpctx
->pkey
, locpctx
->libctx
,
91 &tmp_keymgmt
, locpctx
->propquery
);
92 if (provkey
== NULL
) {
94 * If we couldn't find a keymgmt at all try legacy.
95 * TODO(3.0): Once all legacy algorithms (SM2, HMAC etc) have provider
96 * based implementations this fallback shouldn't be necessary. Either
97 * we have an ENGINE based implementation (in which case we should have
98 * already fallen back in the test above here), or we don't have the
99 * provider based implementation loaded (in which case this is an
100 * application config error)
102 if (locpctx
->keymgmt
== NULL
)
104 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
107 if (!EVP_KEYMGMT_up_ref(tmp_keymgmt
)) {
108 ERR_clear_last_mark();
109 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
112 EVP_KEYMGMT_free(locpctx
->keymgmt
);
113 locpctx
->keymgmt
= tmp_keymgmt
;
115 if (locpctx
->keymgmt
->query_operation_name
!= NULL
)
117 locpctx
->keymgmt
->query_operation_name(OSSL_OP_SIGNATURE
);
120 * If we didn't get a supported sig, assume there is one with the
121 * same name as the key type.
123 if (supported_sig
== NULL
)
124 supported_sig
= locpctx
->keytype
;
127 * Because we cleared out old ops, we shouldn't need to worry about
128 * checking if signature is already there.
130 signature
= EVP_SIGNATURE_fetch(locpctx
->libctx
, supported_sig
,
133 if (signature
== NULL
134 || (EVP_KEYMGMT_provider(locpctx
->keymgmt
)
135 != EVP_SIGNATURE_provider(signature
))) {
137 * We don't need to free ctx->keymgmt here, as it's not necessarily
138 * tied to this operation. It will be freed by EVP_PKEY_CTX_free().
140 EVP_SIGNATURE_free(signature
);
145 * TODO remove this when legacy is gone
146 * If we don't have the full support we need with provided methods,
147 * let's go see if legacy does.
151 /* No more legacy from here down to legacy: */
156 locpctx
->op
.sig
.signature
= signature
;
157 locpctx
->operation
= ver
? EVP_PKEY_OP_VERIFYCTX
158 : EVP_PKEY_OP_SIGNCTX
;
159 locpctx
->op
.sig
.sigprovctx
160 = signature
->newctx(ossl_provider_ctx(signature
->prov
), props
);
161 if (locpctx
->op
.sig
.sigprovctx
== NULL
) {
162 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
166 ctx
->reqdigest
= type
;
168 mdname
= canon_mdname(EVP_MD_name(type
));
170 if (mdname
== NULL
) {
171 if (evp_keymgmt_util_get_deflt_digest_name(tmp_keymgmt
, provkey
,
173 sizeof(locmdname
)) > 0) {
174 mdname
= canon_mdname(locmdname
);
178 if (mdname
!= NULL
) {
180 * We're about to get a new digest so clear anything associated with
183 evp_md_ctx_clear_digest(ctx
, 1);
185 /* legacy code support for engines */
188 * This might be requested by a later call to EVP_MD_CTX_md().
189 * In that case the "explicit fetch" rules apply for that
190 * function (as per man pages), i.e. the ref count is not updated
191 * so the EVP_MD should not be used beyound the lifetime of the
194 ctx
->fetched_digest
= EVP_MD_fetch(locpctx
->libctx
, mdname
, props
);
195 if (ctx
->fetched_digest
!= NULL
) {
196 ctx
->digest
= ctx
->reqdigest
= ctx
->fetched_digest
;
198 /* legacy engine support : remove the mark when this is deleted */
199 ctx
->reqdigest
= ctx
->digest
= EVP_get_digestbyname(mdname
);
200 if (ctx
->digest
== NULL
) {
201 (void)ERR_clear_last_mark();
202 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
206 (void)ERR_pop_to_mark();
211 if (signature
->digest_verify_init
== NULL
) {
212 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
215 ret
= signature
->digest_verify_init(locpctx
->op
.sig
.sigprovctx
,
218 if (signature
->digest_sign_init
== NULL
) {
219 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
222 ret
= signature
->digest_sign_init(locpctx
->op
.sig
.sigprovctx
,
229 evp_pkey_ctx_free_old_ops(locpctx
);
230 locpctx
->operation
= EVP_PKEY_OP_UNDEFINED
;
235 * TODO remove this when legacy is gone
236 * If we don't have the full support we need with provided methods,
237 * let's go see if legacy does.
241 if (type
== NULL
&& mdname
!= NULL
)
242 type
= evp_get_digestbyname_ex(locpctx
->libctx
, mdname
);
244 if (ctx
->pctx
->pmeth
== NULL
) {
245 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
249 if (!(ctx
->pctx
->pmeth
->flags
& EVP_PKEY_FLAG_SIGCTX_CUSTOM
)) {
253 if (EVP_PKEY_get_default_digest_nid(pkey
, &def_nid
) > 0)
254 type
= EVP_get_digestbynid(def_nid
);
258 EVPerr(EVP_F_DO_SIGVER_INIT
, EVP_R_NO_DEFAULT_DIGEST
);
264 if (ctx
->pctx
->pmeth
->verifyctx_init
) {
265 if (ctx
->pctx
->pmeth
->verifyctx_init(ctx
->pctx
, ctx
) <= 0)
267 ctx
->pctx
->operation
= EVP_PKEY_OP_VERIFYCTX
;
268 } else if (ctx
->pctx
->pmeth
->digestverify
!= 0) {
269 ctx
->pctx
->operation
= EVP_PKEY_OP_VERIFY
;
270 ctx
->update
= update
;
271 } else if (EVP_PKEY_verify_init(ctx
->pctx
) <= 0) {
275 if (ctx
->pctx
->pmeth
->signctx_init
) {
276 if (ctx
->pctx
->pmeth
->signctx_init(ctx
->pctx
, ctx
) <= 0)
278 ctx
->pctx
->operation
= EVP_PKEY_OP_SIGNCTX
;
279 } else if (ctx
->pctx
->pmeth
->digestsign
!= 0) {
280 ctx
->pctx
->operation
= EVP_PKEY_OP_SIGN
;
281 ctx
->update
= update
;
282 } else if (EVP_PKEY_sign_init(ctx
->pctx
) <= 0) {
286 if (EVP_PKEY_CTX_set_signature_md(ctx
->pctx
, type
) <= 0)
290 if (ctx
->pctx
->pmeth
->flags
& EVP_PKEY_FLAG_SIGCTX_CUSTOM
)
292 if (!EVP_DigestInit_ex(ctx
, type
, e
))
295 * This indicates the current algorithm requires
296 * special treatment before hashing the tbs-message.
298 ctx
->pctx
->flag_call_digest_custom
= 0;
299 if (ctx
->pctx
->pmeth
->digest_custom
!= NULL
)
300 ctx
->pctx
->flag_call_digest_custom
= 1;
307 ret
= evp_pkey_ctx_use_cached_data(locpctx
);
310 return ret
> 0 ? 1 : 0;
313 int EVP_DigestSignInit_ex(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
314 const char *mdname
, OPENSSL_CTX
*libctx
,
315 const char *props
, EVP_PKEY
*pkey
)
317 return do_sigver_init(ctx
, pctx
, NULL
, mdname
, libctx
, props
, NULL
, pkey
, 0);
320 int EVP_DigestSignInit(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
321 const EVP_MD
*type
, ENGINE
*e
, EVP_PKEY
*pkey
)
323 return do_sigver_init(ctx
, pctx
, type
, NULL
, NULL
, NULL
, e
, pkey
, 0);
326 int EVP_DigestVerifyInit_ex(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
327 const char *mdname
, OPENSSL_CTX
*libctx
,
328 const char *props
, EVP_PKEY
*pkey
)
330 return do_sigver_init(ctx
, pctx
, NULL
, mdname
, libctx
, props
, NULL
, pkey
, 1);
333 int EVP_DigestVerifyInit(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
334 const EVP_MD
*type
, ENGINE
*e
, EVP_PKEY
*pkey
)
336 return do_sigver_init(ctx
, pctx
, type
, NULL
, NULL
, NULL
, e
, pkey
, 1);
338 #endif /* FIPS_MDOE */
340 int EVP_DigestSignUpdate(EVP_MD_CTX
*ctx
, const void *data
, size_t dsize
)
342 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
345 || pctx
->operation
!= EVP_PKEY_OP_SIGNCTX
346 || pctx
->op
.sig
.sigprovctx
== NULL
347 || pctx
->op
.sig
.signature
== NULL
)
350 if (pctx
->op
.sig
.signature
->digest_sign_update
== NULL
) {
351 ERR_raise(ERR_LIB_EVP
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
355 return pctx
->op
.sig
.signature
->digest_sign_update(pctx
->op
.sig
.sigprovctx
,
360 /* do_sigver_init() checked that |digest_custom| is non-NULL */
361 if (pctx
->flag_call_digest_custom
362 && !ctx
->pctx
->pmeth
->digest_custom(ctx
->pctx
, ctx
))
364 pctx
->flag_call_digest_custom
= 0;
367 return EVP_DigestUpdate(ctx
, data
, dsize
);
370 int EVP_DigestVerifyUpdate(EVP_MD_CTX
*ctx
, const void *data
, size_t dsize
)
372 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
375 || pctx
->operation
!= EVP_PKEY_OP_VERIFYCTX
376 || pctx
->op
.sig
.sigprovctx
== NULL
377 || pctx
->op
.sig
.signature
== NULL
)
380 if (pctx
->op
.sig
.signature
->digest_verify_update
== NULL
) {
381 ERR_raise(ERR_LIB_EVP
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
385 return pctx
->op
.sig
.signature
->digest_verify_update(pctx
->op
.sig
.sigprovctx
,
390 /* do_sigver_init() checked that |digest_custom| is non-NULL */
391 if (pctx
->flag_call_digest_custom
392 && !ctx
->pctx
->pmeth
->digest_custom(ctx
->pctx
, ctx
))
394 pctx
->flag_call_digest_custom
= 0;
397 return EVP_DigestUpdate(ctx
, data
, dsize
);
401 int EVP_DigestSignFinal(EVP_MD_CTX
*ctx
, unsigned char *sigret
,
405 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
408 || pctx
->operation
!= EVP_PKEY_OP_SIGNCTX
409 || pctx
->op
.sig
.sigprovctx
== NULL
410 || pctx
->op
.sig
.signature
== NULL
)
413 return pctx
->op
.sig
.signature
->digest_sign_final(pctx
->op
.sig
.sigprovctx
,
414 sigret
, siglen
, SIZE_MAX
);
417 if (pctx
== NULL
|| pctx
->pmeth
== NULL
) {
418 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
422 /* do_sigver_init() checked that |digest_custom| is non-NULL */
423 if (pctx
->flag_call_digest_custom
424 && !ctx
->pctx
->pmeth
->digest_custom(ctx
->pctx
, ctx
))
426 pctx
->flag_call_digest_custom
= 0;
428 if (pctx
->pmeth
->flags
& EVP_PKEY_FLAG_SIGCTX_CUSTOM
) {
430 return pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
);
431 if (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
)
432 r
= pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
);
434 EVP_PKEY_CTX
*dctx
= EVP_PKEY_CTX_dup(pctx
);
438 r
= dctx
->pmeth
->signctx(dctx
, sigret
, siglen
, ctx
);
439 EVP_PKEY_CTX_free(dctx
);
443 if (pctx
->pmeth
->signctx
!= NULL
)
447 if (sigret
!= NULL
) {
448 unsigned char md
[EVP_MAX_MD_SIZE
];
449 unsigned int mdlen
= 0;
451 if (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
) {
453 r
= pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
);
455 r
= EVP_DigestFinal_ex(ctx
, md
, &mdlen
);
457 EVP_MD_CTX
*tmp_ctx
= EVP_MD_CTX_new();
461 if (!EVP_MD_CTX_copy_ex(tmp_ctx
, ctx
)) {
462 EVP_MD_CTX_free(tmp_ctx
);
466 r
= tmp_ctx
->pctx
->pmeth
->signctx(tmp_ctx
->pctx
,
467 sigret
, siglen
, tmp_ctx
);
469 r
= EVP_DigestFinal_ex(tmp_ctx
, md
, &mdlen
);
470 EVP_MD_CTX_free(tmp_ctx
);
474 if (EVP_PKEY_sign(pctx
, sigret
, siglen
, md
, mdlen
) <= 0)
478 if (pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
) <= 0)
481 int s
= EVP_MD_size(ctx
->digest
);
483 if (s
< 0 || EVP_PKEY_sign(pctx
, sigret
, siglen
, NULL
, s
) <= 0)
490 int EVP_DigestSign(EVP_MD_CTX
*ctx
, unsigned char *sigret
, size_t *siglen
,
491 const unsigned char *tbs
, size_t tbslen
)
493 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
496 && pctx
->operation
== EVP_PKEY_OP_SIGNCTX
497 && pctx
->op
.sig
.sigprovctx
!= NULL
498 && pctx
->op
.sig
.signature
!= NULL
) {
499 if (pctx
->op
.sig
.signature
->digest_sign
!= NULL
)
500 return pctx
->op
.sig
.signature
->digest_sign(pctx
->op
.sig
.sigprovctx
,
501 sigret
, siglen
, SIZE_MAX
,
505 if (ctx
->pctx
->pmeth
!= NULL
&& ctx
->pctx
->pmeth
->digestsign
!= NULL
)
506 return ctx
->pctx
->pmeth
->digestsign(ctx
, sigret
, siglen
, tbs
, tbslen
);
509 if (sigret
!= NULL
&& EVP_DigestSignUpdate(ctx
, tbs
, tbslen
) <= 0)
511 return EVP_DigestSignFinal(ctx
, sigret
, siglen
);
514 int EVP_DigestVerifyFinal(EVP_MD_CTX
*ctx
, const unsigned char *sig
,
517 unsigned char md
[EVP_MAX_MD_SIZE
];
519 unsigned int mdlen
= 0;
521 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
524 || pctx
->operation
!= EVP_PKEY_OP_VERIFYCTX
525 || pctx
->op
.sig
.sigprovctx
== NULL
526 || pctx
->op
.sig
.signature
== NULL
)
529 return pctx
->op
.sig
.signature
->digest_verify_final(pctx
->op
.sig
.sigprovctx
,
533 if (pctx
== NULL
|| pctx
->pmeth
== NULL
) {
534 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
538 /* do_sigver_init() checked that |digest_custom| is non-NULL */
539 if (pctx
->flag_call_digest_custom
540 && !ctx
->pctx
->pmeth
->digest_custom(ctx
->pctx
, ctx
))
542 pctx
->flag_call_digest_custom
= 0;
544 if (pctx
->pmeth
->verifyctx
!= NULL
)
548 if (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
) {
550 r
= pctx
->pmeth
->verifyctx(pctx
, sig
, siglen
, ctx
);
552 r
= EVP_DigestFinal_ex(ctx
, md
, &mdlen
);
554 EVP_MD_CTX
*tmp_ctx
= EVP_MD_CTX_new();
557 if (!EVP_MD_CTX_copy_ex(tmp_ctx
, ctx
)) {
558 EVP_MD_CTX_free(tmp_ctx
);
562 r
= tmp_ctx
->pctx
->pmeth
->verifyctx(tmp_ctx
->pctx
,
563 sig
, siglen
, tmp_ctx
);
565 r
= EVP_DigestFinal_ex(tmp_ctx
, md
, &mdlen
);
566 EVP_MD_CTX_free(tmp_ctx
);
570 return EVP_PKEY_verify(pctx
, sig
, siglen
, md
, mdlen
);
573 int EVP_DigestVerify(EVP_MD_CTX
*ctx
, const unsigned char *sigret
,
574 size_t siglen
, const unsigned char *tbs
, size_t tbslen
)
576 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
579 && pctx
->operation
== EVP_PKEY_OP_VERIFYCTX
580 && pctx
->op
.sig
.sigprovctx
!= NULL
581 && pctx
->op
.sig
.signature
!= NULL
) {
582 if (pctx
->op
.sig
.signature
->digest_verify
!= NULL
)
583 return pctx
->op
.sig
.signature
->digest_verify(pctx
->op
.sig
.sigprovctx
,
588 if (ctx
->pctx
->pmeth
!= NULL
&& ctx
->pctx
->pmeth
->digestverify
!= NULL
)
589 return ctx
->pctx
->pmeth
->digestverify(ctx
, sigret
, siglen
, tbs
, tbslen
);
592 if (EVP_DigestVerifyUpdate(ctx
, tbs
, tbslen
) <= 0)
594 return EVP_DigestVerifyFinal(ctx
, sigret
, siglen
);
596 #endif /* FIPS_MODULE */