2 * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "internal/cryptlib.h"
12 #include <openssl/evp.h>
13 #include <openssl/objects.h>
14 #include <openssl/x509.h>
15 #include "crypto/evp.h"
16 #include "internal/provider.h"
17 #include "evp_local.h"
21 static int update(EVP_MD_CTX
*ctx
, const void *data
, size_t datalen
)
23 EVPerr(EVP_F_UPDATE
, EVP_R_ONLY_ONESHOT_SUPPORTED
);
28 * If we get the "NULL" md then the name comes back as "UNDEF". We want to use
31 static const char *canon_mdname(const char *mdname
)
33 if (mdname
!= NULL
&& strcmp(mdname
, "UNDEF") == 0)
39 static int do_sigver_init(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
40 const EVP_MD
*type
, const char *mdname
,
41 OPENSSL_CTX
*libctx
, const char *props
,
42 ENGINE
*e
, EVP_PKEY
*pkey
, int ver
)
44 EVP_PKEY_CTX
*locpctx
= NULL
;
45 EVP_SIGNATURE
*signature
= NULL
;
46 EVP_KEYMGMT
*tmp_keymgmt
= NULL
;
47 const char *supported_sig
= NULL
;
48 char locmdname
[80] = ""; /* 80 chars should be enough */
52 if (ctx
->provctx
!= NULL
) {
53 if (!ossl_assert(ctx
->digest
!= NULL
)) {
54 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
57 if (ctx
->digest
->freectx
!= NULL
)
58 ctx
->digest
->freectx(ctx
->provctx
);
62 if (ctx
->pctx
== NULL
) {
64 ctx
->pctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, pkey
, props
);
66 ctx
->pctx
= EVP_PKEY_CTX_new(pkey
, e
);
68 if (ctx
->pctx
== NULL
)
72 evp_pkey_ctx_free_old_ops(locpctx
);
75 props
= locpctx
->propquery
;
78 * TODO when we stop falling back to legacy, this and the ERR_pop_to_mark()
79 * calls can be removed.
83 if (locpctx
->engine
!= NULL
|| locpctx
->keytype
== NULL
)
87 * Ensure that the key is provided, either natively, or as a cached export.
89 tmp_keymgmt
= locpctx
->keymgmt
;
90 provkey
= evp_pkey_export_to_provider(locpctx
->pkey
, locpctx
->libctx
,
91 &tmp_keymgmt
, locpctx
->propquery
);
92 if (provkey
== NULL
) {
94 * If we couldn't find a keymgmt at all try legacy.
95 * TODO(3.0): Once all legacy algorithms (SM2, HMAC etc) have provider
96 * based implementations this fallback shouldn't be necessary. Either
97 * we have an ENGINE based implementation (in which case we should have
98 * already fallen back in the test above here), or we don't have the
99 * provider based implementation loaded (in which case this is an
100 * application config error)
102 if (locpctx
->keymgmt
== NULL
)
104 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
107 if (!EVP_KEYMGMT_up_ref(tmp_keymgmt
)) {
108 ERR_clear_last_mark();
109 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
112 EVP_KEYMGMT_free(locpctx
->keymgmt
);
113 locpctx
->keymgmt
= tmp_keymgmt
;
115 if (locpctx
->keymgmt
->query_operation_name
!= NULL
)
117 locpctx
->keymgmt
->query_operation_name(OSSL_OP_SIGNATURE
);
120 * If we didn't get a supported sig, assume there is one with the
121 * same name as the key type.
123 if (supported_sig
== NULL
)
124 supported_sig
= locpctx
->keytype
;
127 * Because we cleared out old ops, we shouldn't need to worry about
128 * checking if signature is already there.
130 signature
= EVP_SIGNATURE_fetch(locpctx
->libctx
, supported_sig
,
133 if (signature
== NULL
134 || (EVP_KEYMGMT_provider(locpctx
->keymgmt
)
135 != EVP_SIGNATURE_provider(signature
))) {
137 * We don't need to free ctx->keymgmt here, as it's not necessarily
138 * tied to this operation. It will be freed by EVP_PKEY_CTX_free().
140 EVP_SIGNATURE_free(signature
);
145 * TODO remove this when legacy is gone
146 * If we don't have the full support we need with provided methods,
147 * let's go see if legacy does.
151 /* No more legacy from here down to legacy: */
156 locpctx
->op
.sig
.signature
= signature
;
157 locpctx
->operation
= ver
? EVP_PKEY_OP_VERIFYCTX
158 : EVP_PKEY_OP_SIGNCTX
;
159 locpctx
->op
.sig
.sigprovctx
160 = signature
->newctx(ossl_provider_ctx(signature
->prov
), props
);
161 if (locpctx
->op
.sig
.sigprovctx
== NULL
) {
162 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
166 ctx
->reqdigest
= type
;
168 mdname
= canon_mdname(EVP_MD_name(type
));
170 if (mdname
== NULL
) {
171 if (evp_keymgmt_util_get_deflt_digest_name(tmp_keymgmt
, provkey
,
173 sizeof(locmdname
)) > 0) {
174 mdname
= canon_mdname(locmdname
);
176 EVPerr(EVP_F_DO_SIGVER_INIT
, EVP_R_NO_DEFAULT_DIGEST
);
181 if (mdname
!= NULL
) {
183 * This might be requested by a later call to EVP_MD_CTX_md().
184 * In that case the "explicit fetch" rules apply for that
185 * function (as per man pages), i.e. the ref count is not updated
186 * so the EVP_MD should not be used beyound the lifetime of the
189 ctx
->digest
= ctx
->reqdigest
= ctx
->fetched_digest
=
190 EVP_MD_fetch(locpctx
->libctx
, mdname
, props
);
195 if (signature
->digest_verify_init
== NULL
) {
196 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
199 ret
= signature
->digest_verify_init(locpctx
->op
.sig
.sigprovctx
,
202 if (signature
->digest_sign_init
== NULL
) {
203 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
206 ret
= signature
->digest_sign_init(locpctx
->op
.sig
.sigprovctx
,
212 evp_pkey_ctx_free_old_ops(locpctx
);
213 locpctx
->operation
= EVP_PKEY_OP_UNDEFINED
;
218 * TODO remove this when legacy is gone
219 * If we don't have the full support we need with provided methods,
220 * let's go see if legacy does.
224 if (type
== NULL
&& mdname
!= NULL
)
225 type
= evp_get_digestbyname_ex(locpctx
->libctx
, mdname
);
227 if (ctx
->pctx
->pmeth
== NULL
) {
228 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
232 if (!(ctx
->pctx
->pmeth
->flags
& EVP_PKEY_FLAG_SIGCTX_CUSTOM
)) {
236 if (EVP_PKEY_get_default_digest_nid(pkey
, &def_nid
) > 0)
237 type
= EVP_get_digestbynid(def_nid
);
241 EVPerr(EVP_F_DO_SIGVER_INIT
, EVP_R_NO_DEFAULT_DIGEST
);
247 if (ctx
->pctx
->pmeth
->verifyctx_init
) {
248 if (ctx
->pctx
->pmeth
->verifyctx_init(ctx
->pctx
, ctx
) <= 0)
250 ctx
->pctx
->operation
= EVP_PKEY_OP_VERIFYCTX
;
251 } else if (ctx
->pctx
->pmeth
->digestverify
!= 0) {
252 ctx
->pctx
->operation
= EVP_PKEY_OP_VERIFY
;
253 ctx
->update
= update
;
254 } else if (EVP_PKEY_verify_init(ctx
->pctx
) <= 0) {
258 if (ctx
->pctx
->pmeth
->signctx_init
) {
259 if (ctx
->pctx
->pmeth
->signctx_init(ctx
->pctx
, ctx
) <= 0)
261 ctx
->pctx
->operation
= EVP_PKEY_OP_SIGNCTX
;
262 } else if (ctx
->pctx
->pmeth
->digestsign
!= 0) {
263 ctx
->pctx
->operation
= EVP_PKEY_OP_SIGN
;
264 ctx
->update
= update
;
265 } else if (EVP_PKEY_sign_init(ctx
->pctx
) <= 0) {
269 if (EVP_PKEY_CTX_set_signature_md(ctx
->pctx
, type
) <= 0)
273 if (ctx
->pctx
->pmeth
->flags
& EVP_PKEY_FLAG_SIGCTX_CUSTOM
)
275 if (!EVP_DigestInit_ex(ctx
, type
, e
))
278 * This indicates the current algorithm requires
279 * special treatment before hashing the tbs-message.
281 ctx
->pctx
->flag_call_digest_custom
= 0;
282 if (ctx
->pctx
->pmeth
->digest_custom
!= NULL
)
283 ctx
->pctx
->flag_call_digest_custom
= 1;
288 int EVP_DigestSignInit_with_libctx(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
290 OPENSSL_CTX
*libctx
, const char *props
,
293 return do_sigver_init(ctx
, pctx
, NULL
, mdname
, libctx
, props
, NULL
, pkey
, 0);
296 int EVP_DigestSignInit(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
297 const EVP_MD
*type
, ENGINE
*e
, EVP_PKEY
*pkey
)
299 return do_sigver_init(ctx
, pctx
, type
, NULL
, NULL
, NULL
, e
, pkey
, 0);
302 int EVP_DigestVerifyInit_with_libctx(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
304 OPENSSL_CTX
*libctx
, const char *props
,
307 return do_sigver_init(ctx
, pctx
, NULL
, mdname
, libctx
, props
, NULL
, pkey
, 1);
310 int EVP_DigestVerifyInit(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
311 const EVP_MD
*type
, ENGINE
*e
, EVP_PKEY
*pkey
)
313 return do_sigver_init(ctx
, pctx
, type
, NULL
, NULL
, NULL
, e
, pkey
, 1);
315 #endif /* FIPS_MDOE */
317 int EVP_DigestSignUpdate(EVP_MD_CTX
*ctx
, const void *data
, size_t dsize
)
319 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
322 || pctx
->operation
!= EVP_PKEY_OP_SIGNCTX
323 || pctx
->op
.sig
.sigprovctx
== NULL
324 || pctx
->op
.sig
.signature
== NULL
)
327 if (pctx
->op
.sig
.signature
->digest_sign_update
== NULL
) {
328 ERR_raise(ERR_LIB_EVP
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
332 return pctx
->op
.sig
.signature
->digest_sign_update(pctx
->op
.sig
.sigprovctx
,
337 /* do_sigver_init() checked that |digest_custom| is non-NULL */
338 if (pctx
->flag_call_digest_custom
339 && !ctx
->pctx
->pmeth
->digest_custom(ctx
->pctx
, ctx
))
341 pctx
->flag_call_digest_custom
= 0;
344 return EVP_DigestUpdate(ctx
, data
, dsize
);
347 int EVP_DigestVerifyUpdate(EVP_MD_CTX
*ctx
, const void *data
, size_t dsize
)
349 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
352 || pctx
->operation
!= EVP_PKEY_OP_VERIFYCTX
353 || pctx
->op
.sig
.sigprovctx
== NULL
354 || pctx
->op
.sig
.signature
== NULL
)
357 if (pctx
->op
.sig
.signature
->digest_verify_update
== NULL
) {
358 ERR_raise(ERR_LIB_EVP
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
362 return pctx
->op
.sig
.signature
->digest_verify_update(pctx
->op
.sig
.sigprovctx
,
367 /* do_sigver_init() checked that |digest_custom| is non-NULL */
368 if (pctx
->flag_call_digest_custom
369 && !ctx
->pctx
->pmeth
->digest_custom(ctx
->pctx
, ctx
))
371 pctx
->flag_call_digest_custom
= 0;
374 return EVP_DigestUpdate(ctx
, data
, dsize
);
378 int EVP_DigestSignFinal(EVP_MD_CTX
*ctx
, unsigned char *sigret
,
382 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
385 || pctx
->operation
!= EVP_PKEY_OP_SIGNCTX
386 || pctx
->op
.sig
.sigprovctx
== NULL
387 || pctx
->op
.sig
.signature
== NULL
)
390 return pctx
->op
.sig
.signature
->digest_sign_final(pctx
->op
.sig
.sigprovctx
,
391 sigret
, siglen
, SIZE_MAX
);
394 if (pctx
== NULL
|| pctx
->pmeth
== NULL
) {
395 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
399 /* do_sigver_init() checked that |digest_custom| is non-NULL */
400 if (pctx
->flag_call_digest_custom
401 && !ctx
->pctx
->pmeth
->digest_custom(ctx
->pctx
, ctx
))
403 pctx
->flag_call_digest_custom
= 0;
405 if (pctx
->pmeth
->flags
& EVP_PKEY_FLAG_SIGCTX_CUSTOM
) {
407 return pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
);
408 if (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
)
409 r
= pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
);
411 EVP_PKEY_CTX
*dctx
= EVP_PKEY_CTX_dup(pctx
);
415 r
= dctx
->pmeth
->signctx(dctx
, sigret
, siglen
, ctx
);
416 EVP_PKEY_CTX_free(dctx
);
420 if (pctx
->pmeth
->signctx
!= NULL
)
424 if (sigret
!= NULL
) {
425 unsigned char md
[EVP_MAX_MD_SIZE
];
426 unsigned int mdlen
= 0;
428 if (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
) {
430 r
= pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
);
432 r
= EVP_DigestFinal_ex(ctx
, md
, &mdlen
);
434 EVP_MD_CTX
*tmp_ctx
= EVP_MD_CTX_new();
438 if (!EVP_MD_CTX_copy_ex(tmp_ctx
, ctx
)) {
439 EVP_MD_CTX_free(tmp_ctx
);
443 r
= tmp_ctx
->pctx
->pmeth
->signctx(tmp_ctx
->pctx
,
444 sigret
, siglen
, tmp_ctx
);
446 r
= EVP_DigestFinal_ex(tmp_ctx
, md
, &mdlen
);
447 EVP_MD_CTX_free(tmp_ctx
);
451 if (EVP_PKEY_sign(pctx
, sigret
, siglen
, md
, mdlen
) <= 0)
455 if (pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
) <= 0)
458 int s
= EVP_MD_size(ctx
->digest
);
460 if (s
< 0 || EVP_PKEY_sign(pctx
, sigret
, siglen
, NULL
, s
) <= 0)
467 int EVP_DigestSign(EVP_MD_CTX
*ctx
, unsigned char *sigret
, size_t *siglen
,
468 const unsigned char *tbs
, size_t tbslen
)
470 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
473 && pctx
->operation
== EVP_PKEY_OP_SIGNCTX
474 && pctx
->op
.sig
.sigprovctx
!= NULL
475 && pctx
->op
.sig
.signature
!= NULL
) {
476 if (pctx
->op
.sig
.signature
->digest_sign
!= NULL
)
477 return pctx
->op
.sig
.signature
->digest_sign(pctx
->op
.sig
.sigprovctx
,
478 sigret
, siglen
, SIZE_MAX
,
482 if (ctx
->pctx
->pmeth
!= NULL
&& ctx
->pctx
->pmeth
->digestsign
!= NULL
)
483 return ctx
->pctx
->pmeth
->digestsign(ctx
, sigret
, siglen
, tbs
, tbslen
);
486 if (sigret
!= NULL
&& EVP_DigestSignUpdate(ctx
, tbs
, tbslen
) <= 0)
488 return EVP_DigestSignFinal(ctx
, sigret
, siglen
);
491 int EVP_DigestVerifyFinal(EVP_MD_CTX
*ctx
, const unsigned char *sig
,
494 unsigned char md
[EVP_MAX_MD_SIZE
];
496 unsigned int mdlen
= 0;
498 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
501 || pctx
->operation
!= EVP_PKEY_OP_VERIFYCTX
502 || pctx
->op
.sig
.sigprovctx
== NULL
503 || pctx
->op
.sig
.signature
== NULL
)
506 return pctx
->op
.sig
.signature
->digest_verify_final(pctx
->op
.sig
.sigprovctx
,
510 if (pctx
== NULL
|| pctx
->pmeth
== NULL
) {
511 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
515 /* do_sigver_init() checked that |digest_custom| is non-NULL */
516 if (pctx
->flag_call_digest_custom
517 && !ctx
->pctx
->pmeth
->digest_custom(ctx
->pctx
, ctx
))
519 pctx
->flag_call_digest_custom
= 0;
521 if (pctx
->pmeth
->verifyctx
!= NULL
)
525 if (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
) {
527 r
= pctx
->pmeth
->verifyctx(pctx
, sig
, siglen
, ctx
);
529 r
= EVP_DigestFinal_ex(ctx
, md
, &mdlen
);
531 EVP_MD_CTX
*tmp_ctx
= EVP_MD_CTX_new();
534 if (!EVP_MD_CTX_copy_ex(tmp_ctx
, ctx
)) {
535 EVP_MD_CTX_free(tmp_ctx
);
539 r
= tmp_ctx
->pctx
->pmeth
->verifyctx(tmp_ctx
->pctx
,
540 sig
, siglen
, tmp_ctx
);
542 r
= EVP_DigestFinal_ex(tmp_ctx
, md
, &mdlen
);
543 EVP_MD_CTX_free(tmp_ctx
);
547 return EVP_PKEY_verify(pctx
, sig
, siglen
, md
, mdlen
);
550 int EVP_DigestVerify(EVP_MD_CTX
*ctx
, const unsigned char *sigret
,
551 size_t siglen
, const unsigned char *tbs
, size_t tbslen
)
553 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
556 && pctx
->operation
== EVP_PKEY_OP_VERIFYCTX
557 && pctx
->op
.sig
.sigprovctx
!= NULL
558 && pctx
->op
.sig
.signature
!= NULL
) {
559 if (pctx
->op
.sig
.signature
->digest_verify
!= NULL
)
560 return pctx
->op
.sig
.signature
->digest_verify(pctx
->op
.sig
.sigprovctx
,
565 if (ctx
->pctx
->pmeth
!= NULL
&& ctx
->pctx
->pmeth
->digestverify
!= NULL
)
566 return ctx
->pctx
->pmeth
->digestverify(ctx
, sigret
, siglen
, tbs
, tbslen
);
569 if (EVP_DigestVerifyUpdate(ctx
, tbs
, tbslen
) <= 0)
571 return EVP_DigestVerifyFinal(ctx
, sigret
, siglen
);
573 #endif /* FIPS_MODULE */