2 * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/objects.h>
13 #include <openssl/evp.h>
14 #include "internal/cryptlib.h"
15 #include "crypto/evp.h"
16 #include "internal/provider.h"
17 #include "evp_local.h"
19 static EVP_SIGNATURE
*evp_signature_new(OSSL_PROVIDER
*prov
)
21 EVP_SIGNATURE
*signature
= OPENSSL_zalloc(sizeof(EVP_SIGNATURE
));
23 if (signature
== NULL
) {
24 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
28 signature
->lock
= CRYPTO_THREAD_lock_new();
29 if (signature
->lock
== NULL
) {
30 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
31 OPENSSL_free(signature
);
34 signature
->prov
= prov
;
35 ossl_provider_up_ref(prov
);
36 signature
->refcnt
= 1;
41 static void *evp_signature_from_dispatch(int name_id
,
42 const OSSL_DISPATCH
*fns
,
45 EVP_SIGNATURE
*signature
= NULL
;
46 int ctxfncnt
= 0, signfncnt
= 0, verifyfncnt
= 0, verifyrecfncnt
= 0;
47 int digsignfncnt
= 0, digverifyfncnt
= 0;
48 int gparamfncnt
= 0, sparamfncnt
= 0, gmdparamfncnt
= 0, smdparamfncnt
= 0;
50 if ((signature
= evp_signature_new(prov
)) == NULL
) {
51 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
55 signature
->name_id
= name_id
;
57 for (; fns
->function_id
!= 0; fns
++) {
58 switch (fns
->function_id
) {
59 case OSSL_FUNC_SIGNATURE_NEWCTX
:
60 if (signature
->newctx
!= NULL
)
62 signature
->newctx
= OSSL_get_OP_signature_newctx(fns
);
65 case OSSL_FUNC_SIGNATURE_SIGN_INIT
:
66 if (signature
->sign_init
!= NULL
)
68 signature
->sign_init
= OSSL_get_OP_signature_sign_init(fns
);
71 case OSSL_FUNC_SIGNATURE_SIGN
:
72 if (signature
->sign
!= NULL
)
74 signature
->sign
= OSSL_get_OP_signature_sign(fns
);
77 case OSSL_FUNC_SIGNATURE_VERIFY_INIT
:
78 if (signature
->verify_init
!= NULL
)
80 signature
->verify_init
= OSSL_get_OP_signature_verify_init(fns
);
83 case OSSL_FUNC_SIGNATURE_VERIFY
:
84 if (signature
->verify
!= NULL
)
86 signature
->verify
= OSSL_get_OP_signature_verify(fns
);
89 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT
:
90 if (signature
->verify_recover_init
!= NULL
)
92 signature
->verify_recover_init
93 = OSSL_get_OP_signature_verify_recover_init(fns
);
96 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER
:
97 if (signature
->verify_recover
!= NULL
)
99 signature
->verify_recover
100 = OSSL_get_OP_signature_verify_recover(fns
);
103 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT
:
104 if (signature
->digest_sign_init
!= NULL
)
106 signature
->digest_sign_init
107 = OSSL_get_OP_signature_digest_sign_init(fns
);
110 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE
:
111 if (signature
->digest_sign_update
!= NULL
)
113 signature
->digest_sign_update
114 = OSSL_get_OP_signature_digest_sign_update(fns
);
117 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL
:
118 if (signature
->digest_sign_final
!= NULL
)
120 signature
->digest_sign_final
121 = OSSL_get_OP_signature_digest_sign_final(fns
);
124 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT
:
125 if (signature
->digest_verify_init
!= NULL
)
127 signature
->digest_verify_init
128 = OSSL_get_OP_signature_digest_verify_init(fns
);
131 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE
:
132 if (signature
->digest_verify_update
!= NULL
)
134 signature
->digest_verify_update
135 = OSSL_get_OP_signature_digest_verify_update(fns
);
138 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL
:
139 if (signature
->digest_verify_final
!= NULL
)
141 signature
->digest_verify_final
142 = OSSL_get_OP_signature_digest_verify_final(fns
);
145 case OSSL_FUNC_SIGNATURE_FREECTX
:
146 if (signature
->freectx
!= NULL
)
148 signature
->freectx
= OSSL_get_OP_signature_freectx(fns
);
151 case OSSL_FUNC_SIGNATURE_DUPCTX
:
152 if (signature
->dupctx
!= NULL
)
154 signature
->dupctx
= OSSL_get_OP_signature_dupctx(fns
);
156 case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS
:
157 if (signature
->get_ctx_params
!= NULL
)
159 signature
->get_ctx_params
160 = OSSL_get_OP_signature_get_ctx_params(fns
);
163 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS
:
164 if (signature
->gettable_ctx_params
!= NULL
)
166 signature
->gettable_ctx_params
167 = OSSL_get_OP_signature_gettable_ctx_params(fns
);
170 case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS
:
171 if (signature
->set_ctx_params
!= NULL
)
173 signature
->set_ctx_params
174 = OSSL_get_OP_signature_set_ctx_params(fns
);
177 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS
:
178 if (signature
->settable_ctx_params
!= NULL
)
180 signature
->settable_ctx_params
181 = OSSL_get_OP_signature_settable_ctx_params(fns
);
184 case OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS
:
185 if (signature
->get_ctx_md_params
!= NULL
)
187 signature
->get_ctx_md_params
188 = OSSL_get_OP_signature_get_ctx_md_params(fns
);
191 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS
:
192 if (signature
->gettable_ctx_md_params
!= NULL
)
194 signature
->gettable_ctx_md_params
195 = OSSL_get_OP_signature_gettable_ctx_md_params(fns
);
198 case OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS
:
199 if (signature
->set_ctx_md_params
!= NULL
)
201 signature
->set_ctx_md_params
202 = OSSL_get_OP_signature_set_ctx_md_params(fns
);
205 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS
:
206 if (signature
->settable_ctx_md_params
!= NULL
)
208 signature
->settable_ctx_md_params
209 = OSSL_get_OP_signature_settable_ctx_md_params(fns
);
217 && verifyrecfncnt
== 0
219 && digverifyfncnt
== 0)
220 || (signfncnt
!= 0 && signfncnt
!= 2)
221 || (verifyfncnt
!= 0 && verifyfncnt
!= 2)
222 || (verifyrecfncnt
!= 0 && verifyrecfncnt
!= 2)
223 || (digsignfncnt
!= 0 && digsignfncnt
!= 3)
224 || (digverifyfncnt
!= 0 && digverifyfncnt
!= 3)
225 || (gparamfncnt
!= 0 && gparamfncnt
!= 2)
226 || (sparamfncnt
!= 0 && sparamfncnt
!= 2)
227 || (gmdparamfncnt
!= 0 && gmdparamfncnt
!= 2)
228 || (smdparamfncnt
!= 0 && smdparamfncnt
!= 2)) {
230 * In order to be a consistent set of functions we must have at least
231 * a set of context functions (newctx and freectx) as well as a set of
232 * "signature" functions:
233 * (sign_init, sign) or
234 * (verify_init verify) or
235 * (verify_recover_init, verify_recover) or
236 * (digest_sign_init, digest_sign_update, digest_sign_final) or
237 * (digest_verify_init, digest_verify_update, digest_verify_final).
239 * set_ctx_params and settable_ctx_params are optional, but if one of
240 * them is present then the other one must also be present. The same
241 * applies to get_ctx_params and gettable_ctx_params. The same rules
242 * apply to the "md_params" functions. The dupctx function is optional.
244 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_PROVIDER_FUNCTIONS
);
250 EVP_SIGNATURE_free(signature
);
254 void EVP_SIGNATURE_free(EVP_SIGNATURE
*signature
)
256 if (signature
!= NULL
) {
259 CRYPTO_DOWN_REF(&signature
->refcnt
, &i
, signature
->lock
);
262 ossl_provider_free(signature
->prov
);
263 CRYPTO_THREAD_lock_free(signature
->lock
);
264 OPENSSL_free(signature
);
268 int EVP_SIGNATURE_up_ref(EVP_SIGNATURE
*signature
)
272 CRYPTO_UP_REF(&signature
->refcnt
, &ref
, signature
->lock
);
276 OSSL_PROVIDER
*EVP_SIGNATURE_provider(const EVP_SIGNATURE
*signature
)
278 return signature
->prov
;
281 EVP_SIGNATURE
*EVP_SIGNATURE_fetch(OPENSSL_CTX
*ctx
, const char *algorithm
,
282 const char *properties
)
284 return evp_generic_fetch(ctx
, OSSL_OP_SIGNATURE
, algorithm
, properties
,
285 evp_signature_from_dispatch
,
286 (int (*)(void *))EVP_SIGNATURE_up_ref
,
287 (void (*)(void *))EVP_SIGNATURE_free
);
290 int EVP_SIGNATURE_is_a(const EVP_SIGNATURE
*signature
, const char *name
)
292 return evp_is_a(signature
->prov
, signature
->name_id
, NULL
, name
);
295 int EVP_SIGNATURE_number(const EVP_SIGNATURE
*signature
)
297 return signature
->name_id
;
300 void EVP_SIGNATURE_do_all_provided(OPENSSL_CTX
*libctx
,
301 void (*fn
)(EVP_SIGNATURE
*signature
,
305 evp_generic_do_all(libctx
, OSSL_OP_SIGNATURE
,
306 (void (*)(void *, void *))fn
, arg
,
307 evp_signature_from_dispatch
,
308 (void (*)(void *))EVP_SIGNATURE_free
);
312 void EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE
*signature
,
313 void (*fn
)(const char *name
, void *data
),
316 if (signature
->prov
!= NULL
)
317 evp_names_do_all(signature
->prov
, signature
->name_id
, fn
, data
);
320 static int evp_pkey_signature_init(EVP_PKEY_CTX
*ctx
, int operation
)
323 void *provkey
= NULL
;
324 EVP_SIGNATURE
*signature
= NULL
;
325 EVP_KEYMGMT
*tmp_keymgmt
= NULL
;
326 const char *supported_sig
= NULL
;
329 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
333 evp_pkey_ctx_free_old_ops(ctx
);
334 ctx
->operation
= operation
;
337 * TODO when we stop falling back to legacy, this and the ERR_pop_to_mark()
338 * calls can be removed.
342 if (ctx
->keytype
== NULL
)
346 * Ensure that the key is provided, either natively, or as a cached export.
349 tmp_keymgmt
= ctx
->keymgmt
;
350 provkey
= evp_pkey_export_to_provider(ctx
->pkey
, ctx
->libctx
,
351 &tmp_keymgmt
, ctx
->propquery
);
354 if (!EVP_KEYMGMT_up_ref(tmp_keymgmt
)) {
355 ERR_clear_last_mark();
356 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
359 EVP_KEYMGMT_free(ctx
->keymgmt
);
360 ctx
->keymgmt
= tmp_keymgmt
;
362 if (ctx
->keymgmt
->query_operation_name
!= NULL
)
363 supported_sig
= ctx
->keymgmt
->query_operation_name(OSSL_OP_SIGNATURE
);
366 * If we didn't get a supported sig, assume there is one with the
367 * same name as the key type.
369 if (supported_sig
== NULL
)
370 supported_sig
= ctx
->keytype
;
373 * Because we cleared out old ops, we shouldn't need to worry about
374 * checking if signature is already there.
377 EVP_SIGNATURE_fetch(ctx
->libctx
, supported_sig
, ctx
->propquery
);
379 if (signature
== NULL
380 || (EVP_KEYMGMT_provider(ctx
->keymgmt
)
381 != EVP_SIGNATURE_provider(signature
))) {
383 * We don't need to free ctx->keymgmt here, as it's not necessarily
384 * tied to this operation. It will be freed by EVP_PKEY_CTX_free().
386 EVP_SIGNATURE_free(signature
);
391 * TODO remove this when legacy is gone
392 * If we don't have the full support we need with provided methods,
393 * let's go see if legacy does.
397 /* No more legacy from here down to legacy: */
399 ctx
->op
.sig
.signature
= signature
;
400 ctx
->op
.sig
.sigprovctx
= signature
->newctx(ossl_provider_ctx(signature
->prov
));
401 if (ctx
->op
.sig
.sigprovctx
== NULL
) {
402 /* The provider key can stay in the cache */
403 EVPerr(0, EVP_R_INITIALIZATION_ERROR
);
408 case EVP_PKEY_OP_SIGN
:
409 if (signature
->sign_init
== NULL
) {
410 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
414 ret
= signature
->sign_init(ctx
->op
.sig
.sigprovctx
, provkey
);
416 case EVP_PKEY_OP_VERIFY
:
417 if (signature
->verify_init
== NULL
) {
418 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
422 ret
= signature
->verify_init(ctx
->op
.sig
.sigprovctx
, provkey
);
424 case EVP_PKEY_OP_VERIFYRECOVER
:
425 if (signature
->verify_recover_init
== NULL
) {
426 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
430 ret
= signature
->verify_recover_init(ctx
->op
.sig
.sigprovctx
, provkey
);
433 EVPerr(0, EVP_R_INITIALIZATION_ERROR
);
438 signature
->freectx(ctx
->op
.sig
.sigprovctx
);
439 ctx
->op
.sig
.sigprovctx
= NULL
;
446 * TODO remove this when legacy is gone
447 * If we don't have the full support we need with provided methods,
448 * let's go see if legacy does.
452 if (ctx
->pmeth
== NULL
453 || (operation
== EVP_PKEY_OP_SIGN
&& ctx
->pmeth
->sign
== NULL
)
454 || (operation
== EVP_PKEY_OP_VERIFY
&& ctx
->pmeth
->verify
== NULL
)
455 || (operation
== EVP_PKEY_OP_VERIFYRECOVER
456 && ctx
->pmeth
->verify_recover
== NULL
)) {
457 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
462 case EVP_PKEY_OP_SIGN
:
463 if (ctx
->pmeth
->sign_init
== NULL
)
465 ret
= ctx
->pmeth
->sign_init(ctx
);
467 case EVP_PKEY_OP_VERIFY
:
468 if (ctx
->pmeth
->verify_init
== NULL
)
470 ret
= ctx
->pmeth
->verify_init(ctx
);
472 case EVP_PKEY_OP_VERIFYRECOVER
:
473 if (ctx
->pmeth
->verify_recover_init
== NULL
)
475 ret
= ctx
->pmeth
->verify_recover_init(ctx
);
478 EVPerr(0, EVP_R_INITIALIZATION_ERROR
);
486 ctx
->operation
= EVP_PKEY_OP_UNDEFINED
;
490 int EVP_PKEY_sign_init(EVP_PKEY_CTX
*ctx
)
492 return evp_pkey_signature_init(ctx
, EVP_PKEY_OP_SIGN
);
495 int EVP_PKEY_sign(EVP_PKEY_CTX
*ctx
,
496 unsigned char *sig
, size_t *siglen
,
497 const unsigned char *tbs
, size_t tbslen
)
502 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
506 if (ctx
->operation
!= EVP_PKEY_OP_SIGN
) {
507 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED
);
511 if (ctx
->op
.sig
.sigprovctx
== NULL
)
514 ret
= ctx
->op
.sig
.signature
->sign(ctx
->op
.sig
.sigprovctx
, sig
, siglen
,
515 SIZE_MAX
, tbs
, tbslen
);
520 if (ctx
->pmeth
== NULL
|| ctx
->pmeth
->sign
== NULL
) {
521 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
525 M_check_autoarg(ctx
, sig
, siglen
, EVP_F_EVP_PKEY_SIGN
)
526 return ctx
->pmeth
->sign(ctx
, sig
, siglen
, tbs
, tbslen
);
529 int EVP_PKEY_verify_init(EVP_PKEY_CTX
*ctx
)
531 return evp_pkey_signature_init(ctx
, EVP_PKEY_OP_VERIFY
);
534 int EVP_PKEY_verify(EVP_PKEY_CTX
*ctx
,
535 const unsigned char *sig
, size_t siglen
,
536 const unsigned char *tbs
, size_t tbslen
)
541 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
545 if (ctx
->operation
!= EVP_PKEY_OP_VERIFY
) {
546 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED
);
550 if (ctx
->op
.sig
.sigprovctx
== NULL
)
553 ret
= ctx
->op
.sig
.signature
->verify(ctx
->op
.sig
.sigprovctx
, sig
, siglen
,
558 if (ctx
->pmeth
== NULL
|| ctx
->pmeth
->verify
== NULL
) {
559 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
563 return ctx
->pmeth
->verify(ctx
, sig
, siglen
, tbs
, tbslen
);
566 int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX
*ctx
)
568 return evp_pkey_signature_init(ctx
, EVP_PKEY_OP_VERIFYRECOVER
);
571 int EVP_PKEY_verify_recover(EVP_PKEY_CTX
*ctx
,
572 unsigned char *rout
, size_t *routlen
,
573 const unsigned char *sig
, size_t siglen
)
578 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
582 if (ctx
->operation
!= EVP_PKEY_OP_VERIFYRECOVER
) {
583 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED
);
587 if (ctx
->op
.sig
.sigprovctx
== NULL
)
590 ret
= ctx
->op
.sig
.signature
->verify_recover(ctx
->op
.sig
.sigprovctx
, rout
,
592 (rout
== NULL
? 0 : *routlen
),
596 if (ctx
->pmeth
== NULL
|| ctx
->pmeth
->verify_recover
== NULL
) {
597 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
600 M_check_autoarg(ctx
, rout
, routlen
, EVP_F_EVP_PKEY_VERIFY_RECOVER
)
601 return ctx
->pmeth
->verify_recover(ctx
, rout
, routlen
, sig
, siglen
);