2 * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/objects.h>
13 #include <openssl/evp.h>
14 #include "internal/cryptlib.h"
15 #include "crypto/evp.h"
16 #include "internal/provider.h"
19 static EVP_SIGNATURE
*evp_signature_new(OSSL_PROVIDER
*prov
)
21 EVP_SIGNATURE
*signature
= OPENSSL_zalloc(sizeof(EVP_SIGNATURE
));
23 signature
->lock
= CRYPTO_THREAD_lock_new();
24 if (signature
->lock
== NULL
) {
25 OPENSSL_free(signature
);
28 signature
->prov
= prov
;
29 ossl_provider_up_ref(prov
);
30 signature
->refcnt
= 1;
35 static void *evp_signature_from_dispatch(int name_id
,
36 const OSSL_DISPATCH
*fns
,
41 * Signature functions cannot work without a key, and key management
42 * from the same provider to manage its keys. We therefore fetch
43 * a key management method using the same algorithm and properties
44 * and pass that down to evp_generic_fetch to be passed on to our
45 * evp_signature_from_dispatch, which will attach the key management
46 * method to the newly created key exchange method as long as the
49 struct keymgmt_data_st
*keymgmt_data
= vkeymgmt_data
;
50 EVP_KEYMGMT
*keymgmt
=
51 evp_keymgmt_fetch_by_number(keymgmt_data
->ctx
, name_id
,
52 keymgmt_data
->properties
);
53 EVP_SIGNATURE
*signature
= NULL
;
54 int ctxfncnt
= 0, signfncnt
= 0, verifyfncnt
= 0, verifyrecfncnt
= 0;
55 int gparamfncnt
= 0, sparamfncnt
= 0;
57 if (keymgmt
== NULL
|| EVP_KEYMGMT_provider(keymgmt
) != prov
) {
58 ERR_raise(ERR_LIB_EVP
, EVP_R_NO_KEYMGMT_AVAILABLE
);
62 if ((signature
= evp_signature_new(prov
)) == NULL
) {
63 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
67 signature
->name_id
= name_id
;
68 signature
->keymgmt
= keymgmt
;
69 keymgmt
= NULL
; /* avoid double free on failure below */
71 for (; fns
->function_id
!= 0; fns
++) {
72 switch (fns
->function_id
) {
73 case OSSL_FUNC_SIGNATURE_NEWCTX
:
74 if (signature
->newctx
!= NULL
)
76 signature
->newctx
= OSSL_get_OP_signature_newctx(fns
);
79 case OSSL_FUNC_SIGNATURE_SIGN_INIT
:
80 if (signature
->sign_init
!= NULL
)
82 signature
->sign_init
= OSSL_get_OP_signature_sign_init(fns
);
85 case OSSL_FUNC_SIGNATURE_SIGN
:
86 if (signature
->sign
!= NULL
)
88 signature
->sign
= OSSL_get_OP_signature_sign(fns
);
91 case OSSL_FUNC_SIGNATURE_VERIFY_INIT
:
92 if (signature
->verify_init
!= NULL
)
94 signature
->verify_init
= OSSL_get_OP_signature_verify_init(fns
);
97 case OSSL_FUNC_SIGNATURE_VERIFY
:
98 if (signature
->verify
!= NULL
)
100 signature
->verify
= OSSL_get_OP_signature_verify(fns
);
103 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT
:
104 if (signature
->verify_recover_init
!= NULL
)
106 signature
->verify_recover_init
107 = OSSL_get_OP_signature_verify_recover_init(fns
);
110 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER
:
111 if (signature
->verify_recover
!= NULL
)
113 signature
->verify_recover
114 = OSSL_get_OP_signature_verify_recover(fns
);
117 case OSSL_FUNC_SIGNATURE_FREECTX
:
118 if (signature
->freectx
!= NULL
)
120 signature
->freectx
= OSSL_get_OP_signature_freectx(fns
);
123 case OSSL_FUNC_SIGNATURE_DUPCTX
:
124 if (signature
->dupctx
!= NULL
)
126 signature
->dupctx
= OSSL_get_OP_signature_dupctx(fns
);
128 case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS
:
129 if (signature
->get_ctx_params
!= NULL
)
131 signature
->get_ctx_params
132 = OSSL_get_OP_signature_get_ctx_params(fns
);
135 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS
:
136 if (signature
->gettable_ctx_params
!= NULL
)
138 signature
->gettable_ctx_params
139 = OSSL_get_OP_signature_gettable_ctx_params(fns
);
142 case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS
:
143 if (signature
->set_ctx_params
!= NULL
)
145 signature
->set_ctx_params
146 = OSSL_get_OP_signature_set_ctx_params(fns
);
149 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS
:
150 if (signature
->settable_ctx_params
!= NULL
)
152 signature
->settable_ctx_params
153 = OSSL_get_OP_signature_settable_ctx_params(fns
);
159 || (signfncnt
!= 2 && verifyfncnt
!= 2 && verifyrecfncnt
!= 2)
160 || (gparamfncnt
!= 0 && gparamfncnt
!= 2)
161 || (sparamfncnt
!= 0 && sparamfncnt
!= 2)) {
163 * In order to be a consistent set of functions we must have at least
164 * a set of context functions (newctx and freectx) as well as a pair of
165 * "signature" functions: (sign_init, sign) or (verify_init verify) or
166 * (verify_recover_init, verify_recover). set_ctx_params and
167 * settable_ctx_params are optional, but if one of them is present then
168 * the other one must also be present. The same applies to
169 * get_ctx_params and gettable_ctx_params. The dupctx function is
172 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_PROVIDER_FUNCTIONS
);
178 EVP_SIGNATURE_free(signature
);
179 EVP_KEYMGMT_free(keymgmt
);
183 void EVP_SIGNATURE_free(EVP_SIGNATURE
*signature
)
185 if (signature
!= NULL
) {
188 CRYPTO_DOWN_REF(&signature
->refcnt
, &i
, signature
->lock
);
191 EVP_KEYMGMT_free(signature
->keymgmt
);
192 ossl_provider_free(signature
->prov
);
193 CRYPTO_THREAD_lock_free(signature
->lock
);
194 OPENSSL_free(signature
);
198 int EVP_SIGNATURE_up_ref(EVP_SIGNATURE
*signature
)
202 CRYPTO_UP_REF(&signature
->refcnt
, &ref
, signature
->lock
);
206 OSSL_PROVIDER
*EVP_SIGNATURE_provider(const EVP_SIGNATURE
*signature
)
208 return signature
->prov
;
211 EVP_SIGNATURE
*EVP_SIGNATURE_fetch(OPENSSL_CTX
*ctx
, const char *algorithm
,
212 const char *properties
)
214 struct keymgmt_data_st keymgmt_data
;
217 * A signature operation cannot work without a key, so we need key
218 * management from the same provider to manage its keys.
220 keymgmt_data
.ctx
= ctx
;
221 keymgmt_data
.properties
= properties
;
222 return evp_generic_fetch(ctx
, OSSL_OP_SIGNATURE
, algorithm
, properties
,
223 evp_signature_from_dispatch
, &keymgmt_data
,
224 (int (*)(void *))EVP_SIGNATURE_up_ref
,
225 (void (*)(void *))EVP_SIGNATURE_free
);
228 static int evp_pkey_signature_init(EVP_PKEY_CTX
*ctx
, EVP_SIGNATURE
*signature
,
232 void *provkey
= NULL
;
235 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
239 evp_pkey_ctx_free_old_ops(ctx
);
240 ctx
->operation
= operation
;
242 if (ctx
->engine
!= NULL
)
245 if (signature
!= NULL
) {
246 if (!EVP_SIGNATURE_up_ref(signature
))
249 int nid
= ctx
->pkey
!= NULL
? ctx
->pkey
->type
: ctx
->pmeth
->pkey_id
;
252 * TODO(3.0): Check for legacy handling. Remove this once all all
253 * algorithms are moved to providers.
255 if (ctx
->pkey
!= NULL
) {
256 switch (ctx
->pkey
->type
) {
262 signature
= EVP_SIGNATURE_fetch(NULL
, OBJ_nid2sn(nid
), NULL
);
267 if (signature
== NULL
) {
268 EVPerr(0, EVP_R_INITIALIZATION_ERROR
);
273 ctx
->op
.sig
.signature
= signature
;
274 if (ctx
->pkey
!= NULL
) {
275 provkey
= evp_keymgmt_export_to_provider(ctx
->pkey
, signature
->keymgmt
);
276 if (provkey
== NULL
) {
277 EVPerr(0, EVP_R_INITIALIZATION_ERROR
);
281 ctx
->op
.sig
.sigprovctx
= signature
->newctx(ossl_provider_ctx(signature
->prov
));
282 if (ctx
->op
.sig
.sigprovctx
== NULL
) {
283 /* The provider key can stay in the cache */
284 EVPerr(0, EVP_R_INITIALIZATION_ERROR
);
289 case EVP_PKEY_OP_SIGN
:
290 if (signature
->sign_init
== NULL
) {
291 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
295 ret
= signature
->sign_init(ctx
->op
.sig
.sigprovctx
, provkey
);
297 case EVP_PKEY_OP_VERIFY
:
298 if (signature
->verify_init
== NULL
) {
299 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
303 ret
= signature
->verify_init(ctx
->op
.sig
.sigprovctx
, provkey
);
305 case EVP_PKEY_OP_VERIFYRECOVER
:
306 if (signature
->verify_recover_init
== NULL
) {
307 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
311 ret
= signature
->verify_recover_init(ctx
->op
.sig
.sigprovctx
, provkey
);
314 EVPerr(0, EVP_R_INITIALIZATION_ERROR
);
319 signature
->freectx(ctx
->op
.sig
.sigprovctx
);
320 ctx
->op
.sig
.sigprovctx
= NULL
;
326 if (ctx
->pmeth
== NULL
327 || (operation
== EVP_PKEY_OP_SIGN
&& ctx
->pmeth
->sign
== NULL
)
328 || (operation
== EVP_PKEY_OP_VERIFY
&& ctx
->pmeth
->verify
== NULL
)
329 || (operation
== EVP_PKEY_OP_VERIFYRECOVER
330 && ctx
->pmeth
->verify_recover
== NULL
)) {
331 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
336 case EVP_PKEY_OP_SIGN
:
337 if (ctx
->pmeth
->sign_init
== NULL
)
339 ret
= ctx
->pmeth
->sign_init(ctx
);
341 case EVP_PKEY_OP_VERIFY
:
342 if (ctx
->pmeth
->verify_init
== NULL
)
344 ret
= ctx
->pmeth
->verify_init(ctx
);
346 case EVP_PKEY_OP_VERIFYRECOVER
:
347 if (ctx
->pmeth
->verify_recover_init
== NULL
)
349 ret
= ctx
->pmeth
->verify_recover_init(ctx
);
352 EVPerr(0, EVP_R_INITIALIZATION_ERROR
);
360 ctx
->operation
= EVP_PKEY_OP_UNDEFINED
;
364 int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX
*ctx
, EVP_SIGNATURE
*signature
)
366 return evp_pkey_signature_init(ctx
, signature
, EVP_PKEY_OP_SIGN
);
369 int EVP_PKEY_sign_init(EVP_PKEY_CTX
*ctx
)
371 return evp_pkey_signature_init(ctx
, NULL
, EVP_PKEY_OP_SIGN
);
374 int EVP_PKEY_sign(EVP_PKEY_CTX
*ctx
,
375 unsigned char *sig
, size_t *siglen
,
376 const unsigned char *tbs
, size_t tbslen
)
381 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
385 if (ctx
->operation
!= EVP_PKEY_OP_SIGN
) {
386 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED
);
390 if (ctx
->op
.sig
.sigprovctx
== NULL
)
393 ret
= ctx
->op
.sig
.signature
->sign(ctx
->op
.sig
.sigprovctx
, sig
, siglen
,
394 SIZE_MAX
, tbs
, tbslen
);
399 if (ctx
->pmeth
== NULL
|| ctx
->pmeth
->sign
== NULL
) {
400 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
404 M_check_autoarg(ctx
, sig
, siglen
, EVP_F_EVP_PKEY_SIGN
)
405 return ctx
->pmeth
->sign(ctx
, sig
, siglen
, tbs
, tbslen
);
408 int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX
*ctx
, EVP_SIGNATURE
*signature
)
410 return evp_pkey_signature_init(ctx
, signature
, EVP_PKEY_OP_VERIFY
);
413 int EVP_PKEY_verify_init(EVP_PKEY_CTX
*ctx
)
415 return evp_pkey_signature_init(ctx
, NULL
, EVP_PKEY_OP_VERIFY
);
418 int EVP_PKEY_verify(EVP_PKEY_CTX
*ctx
,
419 const unsigned char *sig
, size_t siglen
,
420 const unsigned char *tbs
, size_t tbslen
)
425 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
429 if (ctx
->operation
!= EVP_PKEY_OP_VERIFY
) {
430 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED
);
434 if (ctx
->op
.sig
.sigprovctx
== NULL
)
437 ret
= ctx
->op
.sig
.signature
->verify(ctx
->op
.sig
.sigprovctx
, sig
, siglen
,
442 if (ctx
->pmeth
== NULL
|| ctx
->pmeth
->verify
== NULL
) {
443 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
447 return ctx
->pmeth
->verify(ctx
, sig
, siglen
, tbs
, tbslen
);
450 int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX
*ctx
, EVP_SIGNATURE
*signature
)
452 return evp_pkey_signature_init(ctx
, signature
, EVP_PKEY_OP_VERIFYRECOVER
);
455 int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX
*ctx
)
457 return evp_pkey_signature_init(ctx
, NULL
, EVP_PKEY_OP_VERIFYRECOVER
);
460 int EVP_PKEY_verify_recover(EVP_PKEY_CTX
*ctx
,
461 unsigned char *rout
, size_t *routlen
,
462 const unsigned char *sig
, size_t siglen
)
467 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
471 if (ctx
->operation
!= EVP_PKEY_OP_VERIFYRECOVER
) {
472 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED
);
476 if (ctx
->op
.sig
.sigprovctx
== NULL
)
479 ret
= ctx
->op
.sig
.signature
->verify_recover(ctx
->op
.sig
.sigprovctx
, rout
,
481 (rout
== NULL
? 0 : *routlen
),
485 if (ctx
->pmeth
== NULL
|| ctx
->pmeth
->verify_recover
== NULL
) {
486 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
489 M_check_autoarg(ctx
, rout
, routlen
, EVP_F_EVP_PKEY_VERIFY_RECOVER
)
490 return ctx
->pmeth
->verify_recover(ctx
, rout
, routlen
, sig
, siglen
);
493 int EVP_PKEY_encrypt_init(EVP_PKEY_CTX
*ctx
)
496 if (!ctx
|| !ctx
->pmeth
|| !ctx
->pmeth
->encrypt
) {
497 EVPerr(EVP_F_EVP_PKEY_ENCRYPT_INIT
,
498 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
501 ctx
->operation
= EVP_PKEY_OP_ENCRYPT
;
502 if (!ctx
->pmeth
->encrypt_init
)
504 ret
= ctx
->pmeth
->encrypt_init(ctx
);
506 ctx
->operation
= EVP_PKEY_OP_UNDEFINED
;
510 int EVP_PKEY_encrypt(EVP_PKEY_CTX
*ctx
,
511 unsigned char *out
, size_t *outlen
,
512 const unsigned char *in
, size_t inlen
)
514 if (!ctx
|| !ctx
->pmeth
|| !ctx
->pmeth
->encrypt
) {
515 EVPerr(EVP_F_EVP_PKEY_ENCRYPT
,
516 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
519 if (ctx
->operation
!= EVP_PKEY_OP_ENCRYPT
) {
520 EVPerr(EVP_F_EVP_PKEY_ENCRYPT
, EVP_R_OPERATON_NOT_INITIALIZED
);
523 M_check_autoarg(ctx
, out
, outlen
, EVP_F_EVP_PKEY_ENCRYPT
)
524 return ctx
->pmeth
->encrypt(ctx
, out
, outlen
, in
, inlen
);
527 int EVP_PKEY_decrypt_init(EVP_PKEY_CTX
*ctx
)
530 if (!ctx
|| !ctx
->pmeth
|| !ctx
->pmeth
->decrypt
) {
531 EVPerr(EVP_F_EVP_PKEY_DECRYPT_INIT
,
532 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
535 ctx
->operation
= EVP_PKEY_OP_DECRYPT
;
536 if (!ctx
->pmeth
->decrypt_init
)
538 ret
= ctx
->pmeth
->decrypt_init(ctx
);
540 ctx
->operation
= EVP_PKEY_OP_UNDEFINED
;
544 int EVP_PKEY_decrypt(EVP_PKEY_CTX
*ctx
,
545 unsigned char *out
, size_t *outlen
,
546 const unsigned char *in
, size_t inlen
)
548 if (!ctx
|| !ctx
->pmeth
|| !ctx
->pmeth
->decrypt
) {
549 EVPerr(EVP_F_EVP_PKEY_DECRYPT
,
550 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
553 if (ctx
->operation
!= EVP_PKEY_OP_DECRYPT
) {
554 EVPerr(EVP_F_EVP_PKEY_DECRYPT
, EVP_R_OPERATON_NOT_INITIALIZED
);
557 M_check_autoarg(ctx
, out
, outlen
, EVP_F_EVP_PKEY_DECRYPT
)
558 return ctx
->pmeth
->decrypt(ctx
, out
, outlen
, in
, inlen
);