signature.c@ 98024

Last change on this file since 98024 was 97372, checked in by vboxsync, 2 years ago
libs: Switch to openssl-3.0.7, bugref:10317
File size: 25.0 KB

Line
1	/*
2	* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#include <stdio.h>
11	#include <stdlib.h>
12	#include <openssl/objects.h>
13	#include <openssl/evp.h>
14	#include "internal/numbers.h" /* includes SIZE_MAX */
15	#include "internal/cryptlib.h"
16	#include "internal/provider.h"
17	#include "internal/core.h"
18	#include "crypto/evp.h"
19	#include "evp_local.h"
20
21	static EVP_SIGNATURE evp_signature_new(OSSL_PROVIDER prov)
22	{
23	EVP_SIGNATURE *signature = OPENSSL_zalloc(sizeof(EVP_SIGNATURE));
24
25	if (signature == NULL) {
26	ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
27	return NULL;
28	}
29
30	signature->lock = CRYPTO_THREAD_lock_new();
31	if (signature->lock == NULL) {
32	ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
33	OPENSSL_free(signature);
34	return NULL;
35	}
36	signature->prov = prov;
37	ossl_provider_up_ref(prov);
38	signature->refcnt = 1;
39
40	return signature;
41	}
42
43	static void *evp_signature_from_algorithm(int name_id,
44	const OSSL_ALGORITHM *algodef,
45	OSSL_PROVIDER *prov)
46	{
47	const OSSL_DISPATCH *fns = algodef->implementation;
48	EVP_SIGNATURE *signature = NULL;
49	int ctxfncnt = 0, signfncnt = 0, verifyfncnt = 0, verifyrecfncnt = 0;
50	int digsignfncnt = 0, digverifyfncnt = 0;
51	int gparamfncnt = 0, sparamfncnt = 0, gmdparamfncnt = 0, smdparamfncnt = 0;
52
53	if ((signature = evp_signature_new(prov)) == NULL) {
54	ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
55	goto err;
56	}
57
58	signature->name_id = name_id;
59	if ((signature->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL)
60	goto err;
61	signature->description = algodef->algorithm_description;
62
63	for (; fns->function_id != 0; fns++) {
64	switch (fns->function_id) {
65	case OSSL_FUNC_SIGNATURE_NEWCTX:
66	if (signature->newctx != NULL)
67	break;
68	signature->newctx = OSSL_FUNC_signature_newctx(fns);
69	ctxfncnt++;
70	break;
71	case OSSL_FUNC_SIGNATURE_SIGN_INIT:
72	if (signature->sign_init != NULL)
73	break;
74	signature->sign_init = OSSL_FUNC_signature_sign_init(fns);
75	signfncnt++;
76	break;
77	case OSSL_FUNC_SIGNATURE_SIGN:
78	if (signature->sign != NULL)
79	break;
80	signature->sign = OSSL_FUNC_signature_sign(fns);
81	signfncnt++;
82	break;
83	case OSSL_FUNC_SIGNATURE_VERIFY_INIT:
84	if (signature->verify_init != NULL)
85	break;
86	signature->verify_init = OSSL_FUNC_signature_verify_init(fns);
87	verifyfncnt++;
88	break;
89	case OSSL_FUNC_SIGNATURE_VERIFY:
90	if (signature->verify != NULL)
91	break;
92	signature->verify = OSSL_FUNC_signature_verify(fns);
93	verifyfncnt++;
94	break;
95	case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT:
96	if (signature->verify_recover_init != NULL)
97	break;
98	signature->verify_recover_init
99	= OSSL_FUNC_signature_verify_recover_init(fns);
100	verifyrecfncnt++;
101	break;
102	case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER:
103	if (signature->verify_recover != NULL)
104	break;
105	signature->verify_recover
106	= OSSL_FUNC_signature_verify_recover(fns);
107	verifyrecfncnt++;
108	break;
109	case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT:
110	if (signature->digest_sign_init != NULL)
111	break;
112	signature->digest_sign_init
113	= OSSL_FUNC_signature_digest_sign_init(fns);
114	break;
115	case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE:
116	if (signature->digest_sign_update != NULL)
117	break;
118	signature->digest_sign_update
119	= OSSL_FUNC_signature_digest_sign_update(fns);
120	digsignfncnt++;
121	break;
122	case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL:
123	if (signature->digest_sign_final != NULL)
124	break;
125	signature->digest_sign_final
126	= OSSL_FUNC_signature_digest_sign_final(fns);
127	digsignfncnt++;
128	break;
129	case OSSL_FUNC_SIGNATURE_DIGEST_SIGN:
130	if (signature->digest_sign != NULL)
131	break;
132	signature->digest_sign
133	= OSSL_FUNC_signature_digest_sign(fns);
134	break;
135	case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT:
136	if (signature->digest_verify_init != NULL)
137	break;
138	signature->digest_verify_init
139	= OSSL_FUNC_signature_digest_verify_init(fns);
140	break;
141	case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE:
142	if (signature->digest_verify_update != NULL)
143	break;
144	signature->digest_verify_update
145	= OSSL_FUNC_signature_digest_verify_update(fns);
146	digverifyfncnt++;
147	break;
148	case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL:
149	if (signature->digest_verify_final != NULL)
150	break;
151	signature->digest_verify_final
152	= OSSL_FUNC_signature_digest_verify_final(fns);
153	digverifyfncnt++;
154	break;
155	case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY:
156	if (signature->digest_verify != NULL)
157	break;
158	signature->digest_verify
159	= OSSL_FUNC_signature_digest_verify(fns);
160	break;
161	case OSSL_FUNC_SIGNATURE_FREECTX:
162	if (signature->freectx != NULL)
163	break;
164	signature->freectx = OSSL_FUNC_signature_freectx(fns);
165	ctxfncnt++;
166	break;
167	case OSSL_FUNC_SIGNATURE_DUPCTX:
168	if (signature->dupctx != NULL)
169	break;
170	signature->dupctx = OSSL_FUNC_signature_dupctx(fns);
171	break;
172	case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS:
173	if (signature->get_ctx_params != NULL)
174	break;
175	signature->get_ctx_params
176	= OSSL_FUNC_signature_get_ctx_params(fns);
177	gparamfncnt++;
178	break;
179	case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS:
180	if (signature->gettable_ctx_params != NULL)
181	break;
182	signature->gettable_ctx_params
183	= OSSL_FUNC_signature_gettable_ctx_params(fns);
184	gparamfncnt++;
185	break;
186	case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS:
187	if (signature->set_ctx_params != NULL)
188	break;
189	signature->set_ctx_params
190	= OSSL_FUNC_signature_set_ctx_params(fns);
191	sparamfncnt++;
192	break;
193	case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS:
194	if (signature->settable_ctx_params != NULL)
195	break;
196	signature->settable_ctx_params
197	= OSSL_FUNC_signature_settable_ctx_params(fns);
198	sparamfncnt++;
199	break;
200	case OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS:
201	if (signature->get_ctx_md_params != NULL)
202	break;
203	signature->get_ctx_md_params
204	= OSSL_FUNC_signature_get_ctx_md_params(fns);
205	gmdparamfncnt++;
206	break;
207	case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS:
208	if (signature->gettable_ctx_md_params != NULL)
209	break;
210	signature->gettable_ctx_md_params
211	= OSSL_FUNC_signature_gettable_ctx_md_params(fns);
212	gmdparamfncnt++;
213	break;
214	case OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS:
215	if (signature->set_ctx_md_params != NULL)
216	break;
217	signature->set_ctx_md_params
218	= OSSL_FUNC_signature_set_ctx_md_params(fns);
219	smdparamfncnt++;
220	break;
221	case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS:
222	if (signature->settable_ctx_md_params != NULL)
223	break;
224	signature->settable_ctx_md_params
225	= OSSL_FUNC_signature_settable_ctx_md_params(fns);
226	smdparamfncnt++;
227	break;
228	}
229	}
230	if (ctxfncnt != 2
231	\|\| (signfncnt == 0
232	&& verifyfncnt == 0
233	&& verifyrecfncnt == 0
234	&& digsignfncnt == 0
235	&& digverifyfncnt == 0
236	&& signature->digest_sign == NULL
237	&& signature->digest_verify == NULL)
238	\|\| (signfncnt != 0 && signfncnt != 2)
239	\|\| (verifyfncnt != 0 && verifyfncnt != 2)
240	\|\| (verifyrecfncnt != 0 && verifyrecfncnt != 2)
241	\|\| (digsignfncnt != 0 && digsignfncnt != 2)
242	\|\| (digsignfncnt == 2 && signature->digest_sign_init == NULL)
243	\|\| (digverifyfncnt != 0 && digverifyfncnt != 2)
244	\|\| (digverifyfncnt == 2 && signature->digest_verify_init == NULL)
245	\|\| (signature->digest_sign != NULL
246	&& signature->digest_sign_init == NULL)
247	\|\| (signature->digest_verify != NULL
248	&& signature->digest_verify_init == NULL)
249	\|\| (gparamfncnt != 0 && gparamfncnt != 2)
250	\|\| (sparamfncnt != 0 && sparamfncnt != 2)
251	\|\| (gmdparamfncnt != 0 && gmdparamfncnt != 2)
252	\|\| (smdparamfncnt != 0 && smdparamfncnt != 2)) {
253	/*
254	* In order to be a consistent set of functions we must have at least
255	* a set of context functions (newctx and freectx) as well as a set of
256	* "signature" functions:
257	* (sign_init, sign) or
258	* (verify_init verify) or
259	* (verify_recover_init, verify_recover) or
260	* (digest_sign_init, digest_sign_update, digest_sign_final) or
261	* (digest_verify_init, digest_verify_update, digest_verify_final) or
262	* (digest_sign_init, digest_sign) or
263	* (digest_verify_init, digest_verify).
264	*
265	* set_ctx_params and settable_ctx_params are optional, but if one of
266	* them is present then the other one must also be present. The same
267	* applies to get_ctx_params and gettable_ctx_params. The same rules
268	* apply to the "md_params" functions. The dupctx function is optional.
269	*/
270	ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
271	goto err;
272	}
273
274	return signature;
275	err:
276	EVP_SIGNATURE_free(signature);
277	return NULL;
278	}
279
280	void EVP_SIGNATURE_free(EVP_SIGNATURE *signature)
281	{
282	int i;
283
284	if (signature == NULL)
285	return;
286	CRYPTO_DOWN_REF(&signature->refcnt, &i, signature->lock);
287	if (i > 0)
288	return;
289	OPENSSL_free(signature->type_name);
290	ossl_provider_free(signature->prov);
291	CRYPTO_THREAD_lock_free(signature->lock);
292	OPENSSL_free(signature);
293	}
294
295	int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature)
296	{
297	int ref = 0;
298
299	CRYPTO_UP_REF(&signature->refcnt, &ref, signature->lock);
300	return 1;
301	}
302
303	OSSL_PROVIDER EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE signature)
304	{
305	return signature->prov;
306	}
307
308	EVP_SIGNATURE EVP_SIGNATURE_fetch(OSSL_LIB_CTX ctx, const char *algorithm,
309	const char *properties)
310	{
311	return evp_generic_fetch(ctx, OSSL_OP_SIGNATURE, algorithm, properties,
312	evp_signature_from_algorithm,
313	(int ()(void ))EVP_SIGNATURE_up_ref,
314	(void ()(void ))EVP_SIGNATURE_free);
315	}
316
317	EVP_SIGNATURE evp_signature_fetch_from_prov(OSSL_PROVIDER prov,
318	const char *algorithm,
319	const char *properties)
320	{
321	return evp_generic_fetch_from_prov(prov, OSSL_OP_SIGNATURE,
322	algorithm, properties,
323	evp_signature_from_algorithm,
324	(int ()(void ))EVP_SIGNATURE_up_ref,
325	(void ()(void ))EVP_SIGNATURE_free);
326	}
327
328	int EVP_SIGNATURE_is_a(const EVP_SIGNATURE signature, const char name)
329	{
330	return signature != NULL
331	&& evp_is_a(signature->prov, signature->name_id, NULL, name);
332	}
333
334	int evp_signature_get_number(const EVP_SIGNATURE *signature)
335	{
336	return signature->name_id;
337	}
338
339	const char EVP_SIGNATURE_get0_name(const EVP_SIGNATURE signature)
340	{
341	return signature->type_name;
342	}
343
344	const char EVP_SIGNATURE_get0_description(const EVP_SIGNATURE signature)
345	{
346	return signature->description;
347	}
348
349	void EVP_SIGNATURE_do_all_provided(OSSL_LIB_CTX *libctx,
350	void (fn)(EVP_SIGNATURE signature,
351	void *arg),
352	void *arg)
353	{
354	evp_generic_do_all(libctx, OSSL_OP_SIGNATURE,
355	(void ()(void , void *))fn, arg,
356	evp_signature_from_algorithm,
357	(int ()(void ))EVP_SIGNATURE_up_ref,
358	(void ()(void ))EVP_SIGNATURE_free);
359	}
360
361
362	int EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature,
363	void (fn)(const char name, void *data),
364	void *data)
365	{
366	if (signature->prov != NULL)
367	return evp_names_do_all(signature->prov, signature->name_id, fn, data);
368
369	return 1;
370	}
371
372	const OSSL_PARAM EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE sig)
373	{
374	void *provctx;
375
376	if (sig == NULL \|\| sig->gettable_ctx_params == NULL)
377	return NULL;
378
379	provctx = ossl_provider_ctx(EVP_SIGNATURE_get0_provider(sig));
380	return sig->gettable_ctx_params(NULL, provctx);
381	}
382
383	const OSSL_PARAM EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE sig)
384	{
385	void *provctx;
386
387	if (sig == NULL \|\| sig->settable_ctx_params == NULL)
388	return NULL;
389
390	provctx = ossl_provider_ctx(EVP_SIGNATURE_get0_provider(sig));
391	return sig->settable_ctx_params(NULL, provctx);
392	}
393
394	static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation,
395	const OSSL_PARAM params[])
396	{
397	int ret = 0;
398	void *provkey = NULL;
399	EVP_SIGNATURE *signature = NULL;
400	EVP_KEYMGMT *tmp_keymgmt = NULL;
401	const OSSL_PROVIDER *tmp_prov = NULL;
402	const char *supported_sig = NULL;
403	int iter;
404
405	if (ctx == NULL) {
406	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
407	return -2;
408	}
409
410	evp_pkey_ctx_free_old_ops(ctx);
411	ctx->operation = operation;
412
413	ERR_set_mark();
414
415	if (evp_pkey_ctx_is_legacy(ctx))
416	goto legacy;
417
418	if (ctx->pkey == NULL) {
419	ERR_clear_last_mark();
420	ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
421	goto err;
422	}
423
424	/*
425	* Try to derive the supported signature from \|ctx->keymgmt\|.
426	*/
427	if (!ossl_assert(ctx->pkey->keymgmt == NULL
428	\|\| ctx->pkey->keymgmt == ctx->keymgmt)) {
429	ERR_clear_last_mark();
430	ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
431	goto err;
432	}
433	supported_sig = evp_keymgmt_util_query_operation_name(ctx->keymgmt,
434	OSSL_OP_SIGNATURE);
435	if (supported_sig == NULL) {
436	ERR_clear_last_mark();
437	ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
438	goto err;
439	}
440
441	/*
442	* We perform two iterations:
443	*
444	* 1. Do the normal signature fetch, using the fetching data given by
445	* the EVP_PKEY_CTX.
446	* 2. Do the provider specific signature fetch, from the same provider
447	* as \|ctx->keymgmt\|
448	*
449	* We then try to fetch the keymgmt from the same provider as the
450	* signature, and try to export \|ctx->pkey\| to that keymgmt (when
451	* this keymgmt happens to be the same as \|ctx->keymgmt\|, the export
452	* is a no-op, but we call it anyway to not complicate the code even
453	* more).
454	* If the export call succeeds (returns a non-NULL provider key pointer),
455	* we're done and can perform the operation itself. If not, we perform
456	* the second iteration, or jump to legacy.
457	*/
458	for (iter = 1; iter < 3 && provkey == NULL; iter++) {
459	EVP_KEYMGMT *tmp_keymgmt_tofree = NULL;
460
461	/*
462	* If we're on the second iteration, free the results from the first.
463	* They are NULL on the first iteration, so no need to check what
464	* iteration we're on.
465	*/
466	EVP_SIGNATURE_free(signature);
467	EVP_KEYMGMT_free(tmp_keymgmt);
468
469	switch (iter) {
470	case 1:
471	signature =
472	EVP_SIGNATURE_fetch(ctx->libctx, supported_sig, ctx->propquery);
473	if (signature != NULL)
474	tmp_prov = EVP_SIGNATURE_get0_provider(signature);
475	break;
476	case 2:
477	tmp_prov = EVP_KEYMGMT_get0_provider(ctx->keymgmt);
478	signature =
479	evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
480	supported_sig, ctx->propquery);
481	if (signature == NULL)
482	goto legacy;
483	break;
484	}
485	if (signature == NULL)
486	continue;
487
488	/*
489	* Ensure that the key is provided, either natively, or as a cached
490	* export. We start by fetching the keymgmt with the same name as
491	* \|ctx->pkey\|, but from the provider of the signature method, using
492	* the same property query as when fetching the signature method.
493	* With the keymgmt we found (if we did), we try to export \|ctx->pkey\|
494	* to it (evp_pkey_export_to_provider() is smart enough to only actually
495
496	* export it if \|tmp_keymgmt\| is different from \|ctx->pkey\|'s keymgmt)
497	*/
498	tmp_keymgmt_tofree = tmp_keymgmt =
499	evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
500	EVP_KEYMGMT_get0_name(ctx->keymgmt),
501	ctx->propquery);
502	if (tmp_keymgmt != NULL)
503	provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
504	&tmp_keymgmt, ctx->propquery);
505	if (tmp_keymgmt == NULL)
506	EVP_KEYMGMT_free(tmp_keymgmt_tofree);
507	}
508
509	if (provkey == NULL) {
510	EVP_SIGNATURE_free(signature);
511	goto legacy;
512	}
513
514	ERR_pop_to_mark();
515
516	/* No more legacy from here down to legacy: */
517
518	ctx->op.sig.signature = signature;
519	ctx->op.sig.algctx =
520	signature->newctx(ossl_provider_ctx(signature->prov), ctx->propquery);
521	if (ctx->op.sig.algctx == NULL) {
522	/* The provider key can stay in the cache */
523	ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
524	goto err;
525	}
526
527	switch (operation) {
528	case EVP_PKEY_OP_SIGN:
529	if (signature->sign_init == NULL) {
530	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
531	ret = -2;
532	goto err;
533	}
534	ret = signature->sign_init(ctx->op.sig.algctx, provkey, params);
535	break;
536	case EVP_PKEY_OP_VERIFY:
537	if (signature->verify_init == NULL) {
538	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
539	ret = -2;
540	goto err;
541	}
542	ret = signature->verify_init(ctx->op.sig.algctx, provkey, params);
543	break;
544	case EVP_PKEY_OP_VERIFYRECOVER:
545	if (signature->verify_recover_init == NULL) {
546	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
547	ret = -2;
548	goto err;
549	}
550	ret = signature->verify_recover_init(ctx->op.sig.algctx, provkey,
551	params);
552	break;
553	default:
554	ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
555	goto err;
556	}
557
558	if (ret <= 0) {
559	signature->freectx(ctx->op.sig.algctx);
560	ctx->op.sig.algctx = NULL;
561	goto err;
562	}
563	goto end;
564
565	legacy:
566	/*
567	* If we don't have the full support we need with provided methods,
568	* let's go see if legacy does.
569	*/
570	ERR_pop_to_mark();
571	EVP_KEYMGMT_free(tmp_keymgmt);
572	tmp_keymgmt = NULL;
573
574	if (ctx->pmeth == NULL
575	\|\| (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL)
576	\|\| (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL)
577	\|\| (operation == EVP_PKEY_OP_VERIFYRECOVER
578	&& ctx->pmeth->verify_recover == NULL)) {
579	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
580	return -2;
581	}
582
583	switch (operation) {
584	case EVP_PKEY_OP_SIGN:
585	if (ctx->pmeth->sign_init == NULL)
586	return 1;
587	ret = ctx->pmeth->sign_init(ctx);
588	break;
589	case EVP_PKEY_OP_VERIFY:
590	if (ctx->pmeth->verify_init == NULL)
591	return 1;
592	ret = ctx->pmeth->verify_init(ctx);
593	break;
594	case EVP_PKEY_OP_VERIFYRECOVER:
595	if (ctx->pmeth->verify_recover_init == NULL)
596	return 1;
597	ret = ctx->pmeth->verify_recover_init(ctx);
598	break;
599	default:
600	ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
601	goto err;
602	}
603	if (ret <= 0)
604	goto err;
605	end:
606	#ifndef FIPS_MODULE
607	if (ret > 0)
608	ret = evp_pkey_ctx_use_cached_data(ctx);
609	#endif
610
611	EVP_KEYMGMT_free(tmp_keymgmt);
612	return ret;
613	err:
614	evp_pkey_ctx_free_old_ops(ctx);
615	ctx->operation = EVP_PKEY_OP_UNDEFINED;
616	EVP_KEYMGMT_free(tmp_keymgmt);
617	return ret;
618	}
619
620	int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
621	{
622	return evp_pkey_signature_init(ctx, EVP_PKEY_OP_SIGN, NULL);
623	}
624
625	int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
626	{
627	return evp_pkey_signature_init(ctx, EVP_PKEY_OP_SIGN, params);
628	}
629
630	int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
631	unsigned char sig, size_t siglen,
632	const unsigned char *tbs, size_t tbslen)
633	{
634	int ret;
635
636	if (ctx == NULL) {
637	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
638	return -2;
639	}
640
641	if (ctx->operation != EVP_PKEY_OP_SIGN) {
642	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
643	return -1;
644	}
645
646	if (ctx->op.sig.algctx == NULL)
647	goto legacy;
648
649	ret = ctx->op.sig.signature->sign(ctx->op.sig.algctx, sig, siglen,
650	(sig == NULL) ? 0 : *siglen, tbs, tbslen);
651
652	return ret;
653	legacy:
654
655	if (ctx->pmeth == NULL \|\| ctx->pmeth->sign == NULL) {
656	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
657	return -2;
658	}
659
660	M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
661	return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
662	}
663
664	int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
665	{
666	return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFY, NULL);
667	}
668
669	int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
670	{
671	return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFY, params);
672	}
673
674	int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
675	const unsigned char *sig, size_t siglen,
676	const unsigned char *tbs, size_t tbslen)
677	{
678	int ret;
679
680	if (ctx == NULL) {
681	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
682	return -2;
683	}
684
685	if (ctx->operation != EVP_PKEY_OP_VERIFY) {
686	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
687	return -1;
688	}
689
690	if (ctx->op.sig.algctx == NULL)
691	goto legacy;
692
693	ret = ctx->op.sig.signature->verify(ctx->op.sig.algctx, sig, siglen,
694	tbs, tbslen);
695
696	return ret;
697	legacy:
698	if (ctx->pmeth == NULL \|\| ctx->pmeth->verify == NULL) {
699	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
700	return -2;
701	}
702
703	return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
704	}
705
706	int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
707	{
708	return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER, NULL);
709	}
710
711	int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx,
712	const OSSL_PARAM params[])
713	{
714	return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER, params);
715	}
716
717	int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
718	unsigned char rout, size_t routlen,
719	const unsigned char *sig, size_t siglen)
720	{
721	int ret;
722
723	if (ctx == NULL) {
724	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
725	return -2;
726	}
727
728	if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
729	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
730	return -1;
731	}
732
733	if (ctx->op.sig.algctx == NULL)
734	goto legacy;
735
736	ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.algctx, rout,
737	routlen,
738	(rout == NULL ? 0 : *routlen),
739	sig, siglen);
740	return ret;
741	legacy:
742	if (ctx->pmeth == NULL \|\| ctx->pmeth->verify_recover == NULL) {
743	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
744	return -2;
745	}
746	M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
747	return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
748	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-3.0.7/crypto/evp/signature.c@ 98024

Download in other formats: