2 * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/objects.h>
13 #include <openssl/evp.h>
14 #include "internal/cryptlib.h"
15 #include "crypto/evp.h"
16 #include "internal/provider.h"
17 #include "evp_local.h"
19 static EVP_SIGNATURE
*evp_signature_new(OSSL_PROVIDER
*prov
)
21 EVP_SIGNATURE
*signature
= OPENSSL_zalloc(sizeof(EVP_SIGNATURE
));
23 if (signature
== NULL
) {
24 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
28 signature
->lock
= CRYPTO_THREAD_lock_new();
29 if (signature
->lock
== NULL
) {
30 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
31 OPENSSL_free(signature
);
34 signature
->prov
= prov
;
35 ossl_provider_up_ref(prov
);
36 signature
->refcnt
= 1;
41 static void *evp_signature_from_dispatch(int name_id
,
42 const OSSL_DISPATCH
*fns
,
45 EVP_SIGNATURE
*signature
= NULL
;
46 int ctxfncnt
= 0, signfncnt
= 0, verifyfncnt
= 0, verifyrecfncnt
= 0;
47 int digsignfncnt
= 0, digverifyfncnt
= 0;
48 int gparamfncnt
= 0, sparamfncnt
= 0, gmdparamfncnt
= 0, smdparamfncnt
= 0;
50 if ((signature
= evp_signature_new(prov
)) == NULL
) {
51 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
55 signature
->name_id
= name_id
;
57 for (; fns
->function_id
!= 0; fns
++) {
58 switch (fns
->function_id
) {
59 case OSSL_FUNC_SIGNATURE_NEWCTX
:
60 if (signature
->newctx
!= NULL
)
62 signature
->newctx
= OSSL_FUNC_signature_newctx(fns
);
65 case OSSL_FUNC_SIGNATURE_SIGN_INIT
:
66 if (signature
->sign_init
!= NULL
)
68 signature
->sign_init
= OSSL_FUNC_signature_sign_init(fns
);
71 case OSSL_FUNC_SIGNATURE_SIGN
:
72 if (signature
->sign
!= NULL
)
74 signature
->sign
= OSSL_FUNC_signature_sign(fns
);
77 case OSSL_FUNC_SIGNATURE_VERIFY_INIT
:
78 if (signature
->verify_init
!= NULL
)
80 signature
->verify_init
= OSSL_FUNC_signature_verify_init(fns
);
83 case OSSL_FUNC_SIGNATURE_VERIFY
:
84 if (signature
->verify
!= NULL
)
86 signature
->verify
= OSSL_FUNC_signature_verify(fns
);
89 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT
:
90 if (signature
->verify_recover_init
!= NULL
)
92 signature
->verify_recover_init
93 = OSSL_FUNC_signature_verify_recover_init(fns
);
96 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER
:
97 if (signature
->verify_recover
!= NULL
)
99 signature
->verify_recover
100 = OSSL_FUNC_signature_verify_recover(fns
);
103 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT
:
104 if (signature
->digest_sign_init
!= NULL
)
106 signature
->digest_sign_init
107 = OSSL_FUNC_signature_digest_sign_init(fns
);
109 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE
:
110 if (signature
->digest_sign_update
!= NULL
)
112 signature
->digest_sign_update
113 = OSSL_FUNC_signature_digest_sign_update(fns
);
116 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL
:
117 if (signature
->digest_sign_final
!= NULL
)
119 signature
->digest_sign_final
120 = OSSL_FUNC_signature_digest_sign_final(fns
);
123 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN
:
124 if (signature
->digest_sign
!= NULL
)
126 signature
->digest_sign
127 = OSSL_FUNC_signature_digest_sign(fns
);
129 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT
:
130 if (signature
->digest_verify_init
!= NULL
)
132 signature
->digest_verify_init
133 = OSSL_FUNC_signature_digest_verify_init(fns
);
135 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE
:
136 if (signature
->digest_verify_update
!= NULL
)
138 signature
->digest_verify_update
139 = OSSL_FUNC_signature_digest_verify_update(fns
);
142 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL
:
143 if (signature
->digest_verify_final
!= NULL
)
145 signature
->digest_verify_final
146 = OSSL_FUNC_signature_digest_verify_final(fns
);
149 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY
:
150 if (signature
->digest_verify
!= NULL
)
152 signature
->digest_verify
153 = OSSL_FUNC_signature_digest_verify(fns
);
155 case OSSL_FUNC_SIGNATURE_FREECTX
:
156 if (signature
->freectx
!= NULL
)
158 signature
->freectx
= OSSL_FUNC_signature_freectx(fns
);
161 case OSSL_FUNC_SIGNATURE_DUPCTX
:
162 if (signature
->dupctx
!= NULL
)
164 signature
->dupctx
= OSSL_FUNC_signature_dupctx(fns
);
166 case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS
:
167 if (signature
->get_ctx_params
!= NULL
)
169 signature
->get_ctx_params
170 = OSSL_FUNC_signature_get_ctx_params(fns
);
173 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS
:
174 if (signature
->gettable_ctx_params
!= NULL
)
176 signature
->gettable_ctx_params
177 = OSSL_FUNC_signature_gettable_ctx_params(fns
);
180 case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS
:
181 if (signature
->set_ctx_params
!= NULL
)
183 signature
->set_ctx_params
184 = OSSL_FUNC_signature_set_ctx_params(fns
);
187 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS
:
188 if (signature
->settable_ctx_params
!= NULL
)
190 signature
->settable_ctx_params
191 = OSSL_FUNC_signature_settable_ctx_params(fns
);
194 case OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS
:
195 if (signature
->get_ctx_md_params
!= NULL
)
197 signature
->get_ctx_md_params
198 = OSSL_FUNC_signature_get_ctx_md_params(fns
);
201 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS
:
202 if (signature
->gettable_ctx_md_params
!= NULL
)
204 signature
->gettable_ctx_md_params
205 = OSSL_FUNC_signature_gettable_ctx_md_params(fns
);
208 case OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS
:
209 if (signature
->set_ctx_md_params
!= NULL
)
211 signature
->set_ctx_md_params
212 = OSSL_FUNC_signature_set_ctx_md_params(fns
);
215 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS
:
216 if (signature
->settable_ctx_md_params
!= NULL
)
218 signature
->settable_ctx_md_params
219 = OSSL_FUNC_signature_settable_ctx_md_params(fns
);
227 && verifyrecfncnt
== 0
229 && digverifyfncnt
== 0
230 && signature
->digest_sign
== NULL
231 && signature
->digest_verify
== NULL
)
232 || (signfncnt
!= 0 && signfncnt
!= 2)
233 || (verifyfncnt
!= 0 && verifyfncnt
!= 2)
234 || (verifyrecfncnt
!= 0 && verifyrecfncnt
!= 2)
235 || (digsignfncnt
!= 0 && digsignfncnt
!= 2)
236 || (digsignfncnt
== 2 && signature
->digest_sign_init
== NULL
)
237 || (digverifyfncnt
!= 0 && digverifyfncnt
!= 2)
238 || (digverifyfncnt
== 2 && signature
->digest_verify_init
== NULL
)
239 || (signature
->digest_sign
!= NULL
240 && signature
->digest_sign_init
== NULL
)
241 || (signature
->digest_verify
!= NULL
242 && signature
->digest_verify_init
== NULL
)
243 || (gparamfncnt
!= 0 && gparamfncnt
!= 2)
244 || (sparamfncnt
!= 0 && sparamfncnt
!= 2)
245 || (gmdparamfncnt
!= 0 && gmdparamfncnt
!= 2)
246 || (smdparamfncnt
!= 0 && smdparamfncnt
!= 2)) {
248 * In order to be a consistent set of functions we must have at least
249 * a set of context functions (newctx and freectx) as well as a set of
250 * "signature" functions:
251 * (sign_init, sign) or
252 * (verify_init verify) or
253 * (verify_recover_init, verify_recover) or
254 * (digest_sign_init, digest_sign_update, digest_sign_final) or
255 * (digest_verify_init, digest_verify_update, digest_verify_final) or
256 * (digest_sign_init, digest_sign) or
257 * (digest_verify_init, digest_verify).
259 * set_ctx_params and settable_ctx_params are optional, but if one of
260 * them is present then the other one must also be present. The same
261 * applies to get_ctx_params and gettable_ctx_params. The same rules
262 * apply to the "md_params" functions. The dupctx function is optional.
264 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_PROVIDER_FUNCTIONS
);
270 EVP_SIGNATURE_free(signature
);
274 void EVP_SIGNATURE_free(EVP_SIGNATURE
*signature
)
276 if (signature
!= NULL
) {
279 CRYPTO_DOWN_REF(&signature
->refcnt
, &i
, signature
->lock
);
282 ossl_provider_free(signature
->prov
);
283 CRYPTO_THREAD_lock_free(signature
->lock
);
284 OPENSSL_free(signature
);
288 int EVP_SIGNATURE_up_ref(EVP_SIGNATURE
*signature
)
292 CRYPTO_UP_REF(&signature
->refcnt
, &ref
, signature
->lock
);
296 OSSL_PROVIDER
*EVP_SIGNATURE_provider(const EVP_SIGNATURE
*signature
)
298 return signature
->prov
;
301 EVP_SIGNATURE
*EVP_SIGNATURE_fetch(OPENSSL_CTX
*ctx
, const char *algorithm
,
302 const char *properties
)
304 return evp_generic_fetch(ctx
, OSSL_OP_SIGNATURE
, algorithm
, properties
,
305 evp_signature_from_dispatch
,
306 (int (*)(void *))EVP_SIGNATURE_up_ref
,
307 (void (*)(void *))EVP_SIGNATURE_free
);
310 int EVP_SIGNATURE_is_a(const EVP_SIGNATURE
*signature
, const char *name
)
312 return evp_is_a(signature
->prov
, signature
->name_id
, NULL
, name
);
315 int EVP_SIGNATURE_number(const EVP_SIGNATURE
*signature
)
317 return signature
->name_id
;
320 void EVP_SIGNATURE_do_all_provided(OPENSSL_CTX
*libctx
,
321 void (*fn
)(EVP_SIGNATURE
*signature
,
325 evp_generic_do_all(libctx
, OSSL_OP_SIGNATURE
,
326 (void (*)(void *, void *))fn
, arg
,
327 evp_signature_from_dispatch
,
328 (void (*)(void *))EVP_SIGNATURE_free
);
332 void EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE
*signature
,
333 void (*fn
)(const char *name
, void *data
),
336 if (signature
->prov
!= NULL
)
337 evp_names_do_all(signature
->prov
, signature
->name_id
, fn
, data
);
340 const OSSL_PARAM
*EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE
*sig
)
344 if (sig
== NULL
|| sig
->gettable_ctx_params
== NULL
)
347 provctx
= ossl_provider_ctx(EVP_SIGNATURE_provider(sig
));
348 return sig
->gettable_ctx_params(provctx
);
351 const OSSL_PARAM
*EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE
*sig
)
355 if (sig
== NULL
|| sig
->settable_ctx_params
== NULL
)
358 provctx
= ossl_provider_ctx(EVP_SIGNATURE_provider(sig
));
359 return sig
->settable_ctx_params(provctx
);
362 static int evp_pkey_signature_init(EVP_PKEY_CTX
*ctx
, int operation
)
365 void *provkey
= NULL
;
366 EVP_SIGNATURE
*signature
= NULL
;
367 EVP_KEYMGMT
*tmp_keymgmt
= NULL
;
368 const char *supported_sig
= NULL
;
371 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
375 evp_pkey_ctx_free_old_ops(ctx
);
376 ctx
->operation
= operation
;
379 * TODO when we stop falling back to legacy, this and the ERR_pop_to_mark()
380 * calls can be removed.
384 if (ctx
->keymgmt
== NULL
)
388 * Ensure that the key is provided, either natively, or as a cached export.
391 tmp_keymgmt
= ctx
->keymgmt
;
392 provkey
= evp_pkey_export_to_provider(ctx
->pkey
, ctx
->libctx
,
393 &tmp_keymgmt
, ctx
->propquery
);
394 if (tmp_keymgmt
== NULL
)
396 if (!EVP_KEYMGMT_up_ref(tmp_keymgmt
)) {
397 ERR_clear_last_mark();
398 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
401 EVP_KEYMGMT_free(ctx
->keymgmt
);
402 ctx
->keymgmt
= tmp_keymgmt
;
404 if (ctx
->keymgmt
->query_operation_name
!= NULL
)
405 supported_sig
= ctx
->keymgmt
->query_operation_name(OSSL_OP_SIGNATURE
);
408 * If we didn't get a supported sig, assume there is one with the
409 * same name as the key type.
411 if (supported_sig
== NULL
)
412 supported_sig
= ctx
->keytype
;
415 * Because we cleared out old ops, we shouldn't need to worry about
416 * checking if signature is already there.
419 EVP_SIGNATURE_fetch(ctx
->libctx
, supported_sig
, ctx
->propquery
);
421 if (signature
== NULL
422 || (EVP_KEYMGMT_provider(ctx
->keymgmt
)
423 != EVP_SIGNATURE_provider(signature
))) {
425 * We don't need to free ctx->keymgmt here, as it's not necessarily
426 * tied to this operation. It will be freed by EVP_PKEY_CTX_free().
428 EVP_SIGNATURE_free(signature
);
433 * TODO remove this when legacy is gone
434 * If we don't have the full support we need with provided methods,
435 * let's go see if legacy does.
439 /* No more legacy from here down to legacy: */
441 ctx
->op
.sig
.signature
= signature
;
442 ctx
->op
.sig
.sigprovctx
=
443 signature
->newctx(ossl_provider_ctx(signature
->prov
), ctx
->propquery
);
444 if (ctx
->op
.sig
.sigprovctx
== NULL
) {
445 /* The provider key can stay in the cache */
446 EVPerr(0, EVP_R_INITIALIZATION_ERROR
);
451 case EVP_PKEY_OP_SIGN
:
452 if (signature
->sign_init
== NULL
) {
453 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
457 ret
= signature
->sign_init(ctx
->op
.sig
.sigprovctx
, provkey
);
459 case EVP_PKEY_OP_VERIFY
:
460 if (signature
->verify_init
== NULL
) {
461 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
465 ret
= signature
->verify_init(ctx
->op
.sig
.sigprovctx
, provkey
);
467 case EVP_PKEY_OP_VERIFYRECOVER
:
468 if (signature
->verify_recover_init
== NULL
) {
469 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
473 ret
= signature
->verify_recover_init(ctx
->op
.sig
.sigprovctx
, provkey
);
476 EVPerr(0, EVP_R_INITIALIZATION_ERROR
);
481 signature
->freectx(ctx
->op
.sig
.sigprovctx
);
482 ctx
->op
.sig
.sigprovctx
= NULL
;
489 * TODO remove this when legacy is gone
490 * If we don't have the full support we need with provided methods,
491 * let's go see if legacy does.
495 if (ctx
->pmeth
== NULL
496 || (operation
== EVP_PKEY_OP_SIGN
&& ctx
->pmeth
->sign
== NULL
)
497 || (operation
== EVP_PKEY_OP_VERIFY
&& ctx
->pmeth
->verify
== NULL
)
498 || (operation
== EVP_PKEY_OP_VERIFYRECOVER
499 && ctx
->pmeth
->verify_recover
== NULL
)) {
500 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
505 case EVP_PKEY_OP_SIGN
:
506 if (ctx
->pmeth
->sign_init
== NULL
)
508 ret
= ctx
->pmeth
->sign_init(ctx
);
510 case EVP_PKEY_OP_VERIFY
:
511 if (ctx
->pmeth
->verify_init
== NULL
)
513 ret
= ctx
->pmeth
->verify_init(ctx
);
515 case EVP_PKEY_OP_VERIFYRECOVER
:
516 if (ctx
->pmeth
->verify_recover_init
== NULL
)
518 ret
= ctx
->pmeth
->verify_recover_init(ctx
);
521 EVPerr(0, EVP_R_INITIALIZATION_ERROR
);
529 evp_pkey_ctx_free_old_ops(ctx
);
530 ctx
->operation
= EVP_PKEY_OP_UNDEFINED
;
534 int EVP_PKEY_sign_init(EVP_PKEY_CTX
*ctx
)
536 return evp_pkey_signature_init(ctx
, EVP_PKEY_OP_SIGN
);
539 int EVP_PKEY_sign(EVP_PKEY_CTX
*ctx
,
540 unsigned char *sig
, size_t *siglen
,
541 const unsigned char *tbs
, size_t tbslen
)
546 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
550 if (ctx
->operation
!= EVP_PKEY_OP_SIGN
) {
551 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED
);
555 if (ctx
->op
.sig
.sigprovctx
== NULL
)
558 ret
= ctx
->op
.sig
.signature
->sign(ctx
->op
.sig
.sigprovctx
, sig
, siglen
,
559 SIZE_MAX
, tbs
, tbslen
);
564 if (ctx
->pmeth
== NULL
|| ctx
->pmeth
->sign
== NULL
) {
565 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
569 M_check_autoarg(ctx
, sig
, siglen
, EVP_F_EVP_PKEY_SIGN
)
570 return ctx
->pmeth
->sign(ctx
, sig
, siglen
, tbs
, tbslen
);
573 int EVP_PKEY_verify_init(EVP_PKEY_CTX
*ctx
)
575 return evp_pkey_signature_init(ctx
, EVP_PKEY_OP_VERIFY
);
578 int EVP_PKEY_verify(EVP_PKEY_CTX
*ctx
,
579 const unsigned char *sig
, size_t siglen
,
580 const unsigned char *tbs
, size_t tbslen
)
585 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
589 if (ctx
->operation
!= EVP_PKEY_OP_VERIFY
) {
590 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED
);
594 if (ctx
->op
.sig
.sigprovctx
== NULL
)
597 ret
= ctx
->op
.sig
.signature
->verify(ctx
->op
.sig
.sigprovctx
, sig
, siglen
,
602 if (ctx
->pmeth
== NULL
|| ctx
->pmeth
->verify
== NULL
) {
603 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
607 return ctx
->pmeth
->verify(ctx
, sig
, siglen
, tbs
, tbslen
);
610 int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX
*ctx
)
612 return evp_pkey_signature_init(ctx
, EVP_PKEY_OP_VERIFYRECOVER
);
615 int EVP_PKEY_verify_recover(EVP_PKEY_CTX
*ctx
,
616 unsigned char *rout
, size_t *routlen
,
617 const unsigned char *sig
, size_t siglen
)
622 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
626 if (ctx
->operation
!= EVP_PKEY_OP_VERIFYRECOVER
) {
627 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED
);
631 if (ctx
->op
.sig
.sigprovctx
== NULL
)
634 ret
= ctx
->op
.sig
.signature
->verify_recover(ctx
->op
.sig
.sigprovctx
, rout
,
636 (rout
== NULL
? 0 : *routlen
),
640 if (ctx
->pmeth
== NULL
|| ctx
->pmeth
->verify_recover
== NULL
) {
641 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
644 M_check_autoarg(ctx
, rout
, routlen
, EVP_F_EVP_PKEY_VERIFY_RECOVER
)
645 return ctx
->pmeth
->verify_recover(ctx
, rout
, routlen
, sig
, siglen
);