2 * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/objects.h>
13 #include <openssl/evp.h>
14 #include "internal/cryptlib.h"
15 #include "crypto/evp.h"
16 #include "internal/provider.h"
17 #include "evp_local.h"
19 static EVP_SIGNATURE
*evp_signature_new(OSSL_PROVIDER
*prov
)
21 EVP_SIGNATURE
*signature
= OPENSSL_zalloc(sizeof(EVP_SIGNATURE
));
23 if (signature
== NULL
) {
24 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
28 signature
->lock
= CRYPTO_THREAD_lock_new();
29 if (signature
->lock
== NULL
) {
30 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
31 OPENSSL_free(signature
);
34 signature
->prov
= prov
;
35 ossl_provider_up_ref(prov
);
36 signature
->refcnt
= 1;
41 static void *evp_signature_from_dispatch(int name_id
,
42 const OSSL_DISPATCH
*fns
,
45 EVP_SIGNATURE
*signature
= NULL
;
46 int ctxfncnt
= 0, signfncnt
= 0, verifyfncnt
= 0, verifyrecfncnt
= 0;
47 int digsignfncnt
= 0, digverifyfncnt
= 0;
48 int gparamfncnt
= 0, sparamfncnt
= 0, gmdparamfncnt
= 0, smdparamfncnt
= 0;
50 if ((signature
= evp_signature_new(prov
)) == NULL
) {
51 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
55 signature
->name_id
= name_id
;
57 for (; fns
->function_id
!= 0; fns
++) {
58 switch (fns
->function_id
) {
59 case OSSL_FUNC_SIGNATURE_NEWCTX
:
60 if (signature
->newctx
!= NULL
)
62 signature
->newctx
= OSSL_get_OP_signature_newctx(fns
);
65 case OSSL_FUNC_SIGNATURE_SIGN_INIT
:
66 if (signature
->sign_init
!= NULL
)
68 signature
->sign_init
= OSSL_get_OP_signature_sign_init(fns
);
71 case OSSL_FUNC_SIGNATURE_SIGN
:
72 if (signature
->sign
!= NULL
)
74 signature
->sign
= OSSL_get_OP_signature_sign(fns
);
77 case OSSL_FUNC_SIGNATURE_VERIFY_INIT
:
78 if (signature
->verify_init
!= NULL
)
80 signature
->verify_init
= OSSL_get_OP_signature_verify_init(fns
);
83 case OSSL_FUNC_SIGNATURE_VERIFY
:
84 if (signature
->verify
!= NULL
)
86 signature
->verify
= OSSL_get_OP_signature_verify(fns
);
89 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT
:
90 if (signature
->verify_recover_init
!= NULL
)
92 signature
->verify_recover_init
93 = OSSL_get_OP_signature_verify_recover_init(fns
);
96 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER
:
97 if (signature
->verify_recover
!= NULL
)
99 signature
->verify_recover
100 = OSSL_get_OP_signature_verify_recover(fns
);
103 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT
:
104 if (signature
->digest_sign_init
!= NULL
)
106 signature
->digest_sign_init
107 = OSSL_get_OP_signature_digest_sign_init(fns
);
109 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE
:
110 if (signature
->digest_sign_update
!= NULL
)
112 signature
->digest_sign_update
113 = OSSL_get_OP_signature_digest_sign_update(fns
);
116 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL
:
117 if (signature
->digest_sign_final
!= NULL
)
119 signature
->digest_sign_final
120 = OSSL_get_OP_signature_digest_sign_final(fns
);
123 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN
:
124 if (signature
->digest_sign
!= NULL
)
126 signature
->digest_sign
127 = OSSL_get_OP_signature_digest_sign(fns
);
129 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT
:
130 if (signature
->digest_verify_init
!= NULL
)
132 signature
->digest_verify_init
133 = OSSL_get_OP_signature_digest_verify_init(fns
);
135 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE
:
136 if (signature
->digest_verify_update
!= NULL
)
138 signature
->digest_verify_update
139 = OSSL_get_OP_signature_digest_verify_update(fns
);
142 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL
:
143 if (signature
->digest_verify_final
!= NULL
)
145 signature
->digest_verify_final
146 = OSSL_get_OP_signature_digest_verify_final(fns
);
149 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY
:
150 if (signature
->digest_verify
!= NULL
)
152 signature
->digest_verify
153 = OSSL_get_OP_signature_digest_verify(fns
);
155 case OSSL_FUNC_SIGNATURE_FREECTX
:
156 if (signature
->freectx
!= NULL
)
158 signature
->freectx
= OSSL_get_OP_signature_freectx(fns
);
161 case OSSL_FUNC_SIGNATURE_DUPCTX
:
162 if (signature
->dupctx
!= NULL
)
164 signature
->dupctx
= OSSL_get_OP_signature_dupctx(fns
);
166 case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS
:
167 if (signature
->get_ctx_params
!= NULL
)
169 signature
->get_ctx_params
170 = OSSL_get_OP_signature_get_ctx_params(fns
);
173 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS
:
174 if (signature
->gettable_ctx_params
!= NULL
)
176 signature
->gettable_ctx_params
177 = OSSL_get_OP_signature_gettable_ctx_params(fns
);
180 case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS
:
181 if (signature
->set_ctx_params
!= NULL
)
183 signature
->set_ctx_params
184 = OSSL_get_OP_signature_set_ctx_params(fns
);
187 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS
:
188 if (signature
->settable_ctx_params
!= NULL
)
190 signature
->settable_ctx_params
191 = OSSL_get_OP_signature_settable_ctx_params(fns
);
194 case OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS
:
195 if (signature
->get_ctx_md_params
!= NULL
)
197 signature
->get_ctx_md_params
198 = OSSL_get_OP_signature_get_ctx_md_params(fns
);
201 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS
:
202 if (signature
->gettable_ctx_md_params
!= NULL
)
204 signature
->gettable_ctx_md_params
205 = OSSL_get_OP_signature_gettable_ctx_md_params(fns
);
208 case OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS
:
209 if (signature
->set_ctx_md_params
!= NULL
)
211 signature
->set_ctx_md_params
212 = OSSL_get_OP_signature_set_ctx_md_params(fns
);
215 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS
:
216 if (signature
->settable_ctx_md_params
!= NULL
)
218 signature
->settable_ctx_md_params
219 = OSSL_get_OP_signature_settable_ctx_md_params(fns
);
227 && verifyrecfncnt
== 0
229 && digverifyfncnt
== 0
230 && signature
->digest_sign
== NULL
231 && signature
->digest_verify
== NULL
)
232 || (signfncnt
!= 0 && signfncnt
!= 2)
233 || (verifyfncnt
!= 0 && verifyfncnt
!= 2)
234 || (verifyrecfncnt
!= 0 && verifyrecfncnt
!= 2)
235 || (digsignfncnt
!= 0 && digsignfncnt
!= 2)
236 || (digsignfncnt
== 2 && signature
->digest_sign_init
== NULL
)
237 || (digverifyfncnt
!= 0 && digverifyfncnt
!= 2)
238 || (digverifyfncnt
== 2 && signature
->digest_verify_init
== NULL
)
239 || (signature
->digest_sign
!= NULL
240 && signature
->digest_sign_init
== NULL
)
241 || (signature
->digest_verify
!= NULL
242 && signature
->digest_verify_init
== NULL
)
243 || (gparamfncnt
!= 0 && gparamfncnt
!= 2)
244 || (sparamfncnt
!= 0 && sparamfncnt
!= 2)
245 || (gmdparamfncnt
!= 0 && gmdparamfncnt
!= 2)
246 || (smdparamfncnt
!= 0 && smdparamfncnt
!= 2)) {
248 * In order to be a consistent set of functions we must have at least
249 * a set of context functions (newctx and freectx) as well as a set of
250 * "signature" functions:
251 * (sign_init, sign) or
252 * (verify_init verify) or
253 * (verify_recover_init, verify_recover) or
254 * (digest_sign_init, digest_sign_update, digest_sign_final) or
255 * (digest_verify_init, digest_verify_update, digest_verify_final) or
256 * (digest_sign_init, digest_sign) or
257 * (digest_verify_init, digest_verify).
259 * set_ctx_params and settable_ctx_params are optional, but if one of
260 * them is present then the other one must also be present. The same
261 * applies to get_ctx_params and gettable_ctx_params. The same rules
262 * apply to the "md_params" functions. The dupctx function is optional.
264 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_PROVIDER_FUNCTIONS
);
270 EVP_SIGNATURE_free(signature
);
274 void EVP_SIGNATURE_free(EVP_SIGNATURE
*signature
)
276 if (signature
!= NULL
) {
279 CRYPTO_DOWN_REF(&signature
->refcnt
, &i
, signature
->lock
);
282 ossl_provider_free(signature
->prov
);
283 CRYPTO_THREAD_lock_free(signature
->lock
);
284 OPENSSL_free(signature
);
288 int EVP_SIGNATURE_up_ref(EVP_SIGNATURE
*signature
)
292 CRYPTO_UP_REF(&signature
->refcnt
, &ref
, signature
->lock
);
296 OSSL_PROVIDER
*EVP_SIGNATURE_provider(const EVP_SIGNATURE
*signature
)
298 return signature
->prov
;
301 EVP_SIGNATURE
*EVP_SIGNATURE_fetch(OPENSSL_CTX
*ctx
, const char *algorithm
,
302 const char *properties
)
304 return evp_generic_fetch(ctx
, OSSL_OP_SIGNATURE
, algorithm
, properties
,
305 evp_signature_from_dispatch
,
306 (int (*)(void *))EVP_SIGNATURE_up_ref
,
307 (void (*)(void *))EVP_SIGNATURE_free
);
310 int EVP_SIGNATURE_is_a(const EVP_SIGNATURE
*signature
, const char *name
)
312 return evp_is_a(signature
->prov
, signature
->name_id
, NULL
, name
);
315 int EVP_SIGNATURE_number(const EVP_SIGNATURE
*signature
)
317 return signature
->name_id
;
320 void EVP_SIGNATURE_do_all_provided(OPENSSL_CTX
*libctx
,
321 void (*fn
)(EVP_SIGNATURE
*signature
,
325 evp_generic_do_all(libctx
, OSSL_OP_SIGNATURE
,
326 (void (*)(void *, void *))fn
, arg
,
327 evp_signature_from_dispatch
,
328 (void (*)(void *))EVP_SIGNATURE_free
);
332 void EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE
*signature
,
333 void (*fn
)(const char *name
, void *data
),
336 if (signature
->prov
!= NULL
)
337 evp_names_do_all(signature
->prov
, signature
->name_id
, fn
, data
);
340 static int evp_pkey_signature_init(EVP_PKEY_CTX
*ctx
, int operation
)
343 void *provkey
= NULL
;
344 EVP_SIGNATURE
*signature
= NULL
;
345 EVP_KEYMGMT
*tmp_keymgmt
= NULL
;
346 const char *supported_sig
= NULL
;
349 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
353 evp_pkey_ctx_free_old_ops(ctx
);
354 ctx
->operation
= operation
;
357 * TODO when we stop falling back to legacy, this and the ERR_pop_to_mark()
358 * calls can be removed.
362 if (ctx
->keymgmt
== NULL
)
366 * Ensure that the key is provided, either natively, or as a cached export.
369 tmp_keymgmt
= ctx
->keymgmt
;
370 provkey
= evp_pkey_export_to_provider(ctx
->pkey
, ctx
->libctx
,
371 &tmp_keymgmt
, ctx
->propquery
);
372 if (tmp_keymgmt
== NULL
)
374 if (!EVP_KEYMGMT_up_ref(tmp_keymgmt
)) {
375 ERR_clear_last_mark();
376 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
379 EVP_KEYMGMT_free(ctx
->keymgmt
);
380 ctx
->keymgmt
= tmp_keymgmt
;
382 if (ctx
->keymgmt
->query_operation_name
!= NULL
)
383 supported_sig
= ctx
->keymgmt
->query_operation_name(OSSL_OP_SIGNATURE
);
386 * If we didn't get a supported sig, assume there is one with the
387 * same name as the key type.
389 if (supported_sig
== NULL
)
390 supported_sig
= ctx
->keytype
;
393 * Because we cleared out old ops, we shouldn't need to worry about
394 * checking if signature is already there.
397 EVP_SIGNATURE_fetch(ctx
->libctx
, supported_sig
, ctx
->propquery
);
399 if (signature
== NULL
400 || (EVP_KEYMGMT_provider(ctx
->keymgmt
)
401 != EVP_SIGNATURE_provider(signature
))) {
403 * We don't need to free ctx->keymgmt here, as it's not necessarily
404 * tied to this operation. It will be freed by EVP_PKEY_CTX_free().
406 EVP_SIGNATURE_free(signature
);
411 * TODO remove this when legacy is gone
412 * If we don't have the full support we need with provided methods,
413 * let's go see if legacy does.
417 /* No more legacy from here down to legacy: */
419 ctx
->op
.sig
.signature
= signature
;
420 ctx
->op
.sig
.sigprovctx
= signature
->newctx(ossl_provider_ctx(signature
->prov
));
421 if (ctx
->op
.sig
.sigprovctx
== NULL
) {
422 /* The provider key can stay in the cache */
423 EVPerr(0, EVP_R_INITIALIZATION_ERROR
);
428 case EVP_PKEY_OP_SIGN
:
429 if (signature
->sign_init
== NULL
) {
430 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
434 ret
= signature
->sign_init(ctx
->op
.sig
.sigprovctx
, provkey
);
436 case EVP_PKEY_OP_VERIFY
:
437 if (signature
->verify_init
== NULL
) {
438 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
442 ret
= signature
->verify_init(ctx
->op
.sig
.sigprovctx
, provkey
);
444 case EVP_PKEY_OP_VERIFYRECOVER
:
445 if (signature
->verify_recover_init
== NULL
) {
446 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
450 ret
= signature
->verify_recover_init(ctx
->op
.sig
.sigprovctx
, provkey
);
453 EVPerr(0, EVP_R_INITIALIZATION_ERROR
);
458 signature
->freectx(ctx
->op
.sig
.sigprovctx
);
459 ctx
->op
.sig
.sigprovctx
= NULL
;
466 * TODO remove this when legacy is gone
467 * If we don't have the full support we need with provided methods,
468 * let's go see if legacy does.
472 if (ctx
->pmeth
== NULL
473 || (operation
== EVP_PKEY_OP_SIGN
&& ctx
->pmeth
->sign
== NULL
)
474 || (operation
== EVP_PKEY_OP_VERIFY
&& ctx
->pmeth
->verify
== NULL
)
475 || (operation
== EVP_PKEY_OP_VERIFYRECOVER
476 && ctx
->pmeth
->verify_recover
== NULL
)) {
477 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
482 case EVP_PKEY_OP_SIGN
:
483 if (ctx
->pmeth
->sign_init
== NULL
)
485 ret
= ctx
->pmeth
->sign_init(ctx
);
487 case EVP_PKEY_OP_VERIFY
:
488 if (ctx
->pmeth
->verify_init
== NULL
)
490 ret
= ctx
->pmeth
->verify_init(ctx
);
492 case EVP_PKEY_OP_VERIFYRECOVER
:
493 if (ctx
->pmeth
->verify_recover_init
== NULL
)
495 ret
= ctx
->pmeth
->verify_recover_init(ctx
);
498 EVPerr(0, EVP_R_INITIALIZATION_ERROR
);
506 ctx
->operation
= EVP_PKEY_OP_UNDEFINED
;
510 int EVP_PKEY_sign_init(EVP_PKEY_CTX
*ctx
)
512 return evp_pkey_signature_init(ctx
, EVP_PKEY_OP_SIGN
);
515 int EVP_PKEY_sign(EVP_PKEY_CTX
*ctx
,
516 unsigned char *sig
, size_t *siglen
,
517 const unsigned char *tbs
, size_t tbslen
)
522 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
526 if (ctx
->operation
!= EVP_PKEY_OP_SIGN
) {
527 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED
);
531 if (ctx
->op
.sig
.sigprovctx
== NULL
)
534 ret
= ctx
->op
.sig
.signature
->sign(ctx
->op
.sig
.sigprovctx
, sig
, siglen
,
535 SIZE_MAX
, tbs
, tbslen
);
540 if (ctx
->pmeth
== NULL
|| ctx
->pmeth
->sign
== NULL
) {
541 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
545 M_check_autoarg(ctx
, sig
, siglen
, EVP_F_EVP_PKEY_SIGN
)
546 return ctx
->pmeth
->sign(ctx
, sig
, siglen
, tbs
, tbslen
);
549 int EVP_PKEY_verify_init(EVP_PKEY_CTX
*ctx
)
551 return evp_pkey_signature_init(ctx
, EVP_PKEY_OP_VERIFY
);
554 int EVP_PKEY_verify(EVP_PKEY_CTX
*ctx
,
555 const unsigned char *sig
, size_t siglen
,
556 const unsigned char *tbs
, size_t tbslen
)
561 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
565 if (ctx
->operation
!= EVP_PKEY_OP_VERIFY
) {
566 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED
);
570 if (ctx
->op
.sig
.sigprovctx
== NULL
)
573 ret
= ctx
->op
.sig
.signature
->verify(ctx
->op
.sig
.sigprovctx
, sig
, siglen
,
578 if (ctx
->pmeth
== NULL
|| ctx
->pmeth
->verify
== NULL
) {
579 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
583 return ctx
->pmeth
->verify(ctx
, sig
, siglen
, tbs
, tbslen
);
586 int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX
*ctx
)
588 return evp_pkey_signature_init(ctx
, EVP_PKEY_OP_VERIFYRECOVER
);
591 int EVP_PKEY_verify_recover(EVP_PKEY_CTX
*ctx
,
592 unsigned char *rout
, size_t *routlen
,
593 const unsigned char *sig
, size_t siglen
)
598 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
602 if (ctx
->operation
!= EVP_PKEY_OP_VERIFYRECOVER
) {
603 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED
);
607 if (ctx
->op
.sig
.sigprovctx
== NULL
)
610 ret
= ctx
->op
.sig
.signature
->verify_recover(ctx
->op
.sig
.sigprovctx
, rout
,
612 (rout
== NULL
? 0 : *routlen
),
616 if (ctx
->pmeth
== NULL
|| ctx
->pmeth
->verify_recover
== NULL
) {
617 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
620 M_check_autoarg(ctx
, rout
, routlen
, EVP_F_EVP_PKEY_VERIFY_RECOVER
)
621 return ctx
->pmeth
->verify_recover(ctx
, rout
, routlen
, sig
, siglen
);