1 /*
2 * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/err.h>
11 #include <stdio.h>
12 #include <stdlib.h>
13 #include <openssl/core_names.h>
14 #include <openssl/objects.h>
15 #include <openssl/evp.h>
16 #include "internal/numbers.h" /* includes SIZE_MAX */
17 #include "internal/cryptlib.h"
18 #include "internal/provider.h"
19 #include "internal/core.h"
20 #include "crypto/evp.h"
21 #include "evp_local.h"
22
evp_signature_free(void * data)23 static void evp_signature_free(void *data)
24 {
25 EVP_SIGNATURE_free(data);
26 }
27
evp_signature_up_ref(void * data)28 static int evp_signature_up_ref(void *data)
29 {
30 return EVP_SIGNATURE_up_ref(data);
31 }
32
evp_signature_new(OSSL_PROVIDER * prov)33 static EVP_SIGNATURE *evp_signature_new(OSSL_PROVIDER *prov)
34 {
35 EVP_SIGNATURE *signature = OPENSSL_zalloc(sizeof(EVP_SIGNATURE));
36
37 if (signature == NULL)
38 return NULL;
39
40 if (!CRYPTO_NEW_REF(&signature->refcnt, 1)
41 || !ossl_provider_up_ref(prov)) {
42 CRYPTO_FREE_REF(&signature->refcnt);
43 OPENSSL_free(signature);
44 return NULL;
45 }
46
47 signature->prov = prov;
48
49 return signature;
50 }
51
evp_signature_from_algorithm(int name_id,const OSSL_ALGORITHM * algodef,OSSL_PROVIDER * prov)52 static void *evp_signature_from_algorithm(int name_id,
53 const OSSL_ALGORITHM *algodef,
54 OSSL_PROVIDER *prov)
55 {
56 const OSSL_DISPATCH *fns = algodef->implementation;
57 EVP_SIGNATURE *signature = NULL;
58 const char *desc;
59 /* Counts newctx / freectx */
60 int ctxfncnt = 0;
61 /* Counts all init functions */
62 int initfncnt = 0;
63 /* Counts all parameter functions */
64 int gparamfncnt = 0, sparamfncnt = 0, gmdparamfncnt = 0, smdparamfncnt = 0;
65 int valid = 0;
66
67 if ((signature = evp_signature_new(prov)) == NULL) {
68 ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
69 goto err;
70 }
71
72 signature->name_id = name_id;
73 if ((signature->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL)
74 goto err;
75 signature->description = algodef->algorithm_description;
76 desc = signature->description != NULL ? signature->description : "";
77
78 for (; fns->function_id != 0; fns++) {
79 switch (fns->function_id) {
80 case OSSL_FUNC_SIGNATURE_NEWCTX:
81 if (signature->newctx != NULL)
82 break;
83 signature->newctx = OSSL_FUNC_signature_newctx(fns);
84 ctxfncnt++;
85 break;
86 case OSSL_FUNC_SIGNATURE_SIGN_INIT:
87 if (signature->sign_init != NULL)
88 break;
89 signature->sign_init = OSSL_FUNC_signature_sign_init(fns);
90 initfncnt++;
91 break;
92 case OSSL_FUNC_SIGNATURE_SIGN:
93 if (signature->sign != NULL)
94 break;
95 signature->sign = OSSL_FUNC_signature_sign(fns);
96 break;
97 case OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_INIT:
98 if (signature->sign_message_init != NULL)
99 break;
100 signature->sign_message_init
101 = OSSL_FUNC_signature_sign_message_init(fns);
102 initfncnt++;
103 break;
104 case OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_UPDATE:
105 if (signature->sign_message_update != NULL)
106 break;
107 signature->sign_message_update
108 = OSSL_FUNC_signature_sign_message_update(fns);
109 break;
110 case OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_FINAL:
111 if (signature->sign_message_final != NULL)
112 break;
113 signature->sign_message_final
114 = OSSL_FUNC_signature_sign_message_final(fns);
115 break;
116 case OSSL_FUNC_SIGNATURE_VERIFY_INIT:
117 if (signature->verify_init != NULL)
118 break;
119 signature->verify_init = OSSL_FUNC_signature_verify_init(fns);
120 initfncnt++;
121 break;
122 case OSSL_FUNC_SIGNATURE_VERIFY:
123 if (signature->verify != NULL)
124 break;
125 signature->verify = OSSL_FUNC_signature_verify(fns);
126 break;
127 case OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_INIT:
128 if (signature->verify_message_init != NULL)
129 break;
130 signature->verify_message_init
131 = OSSL_FUNC_signature_verify_message_init(fns);
132 initfncnt++;
133 break;
134 case OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_UPDATE:
135 if (signature->verify_message_update != NULL)
136 break;
137 signature->verify_message_update
138 = OSSL_FUNC_signature_verify_message_update(fns);
139 break;
140 case OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_FINAL:
141 if (signature->verify_message_final != NULL)
142 break;
143 signature->verify_message_final
144 = OSSL_FUNC_signature_verify_message_final(fns);
145 break;
146 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT:
147 if (signature->verify_recover_init != NULL)
148 break;
149 signature->verify_recover_init
150 = OSSL_FUNC_signature_verify_recover_init(fns);
151 initfncnt++;
152 break;
153 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER:
154 if (signature->verify_recover != NULL)
155 break;
156 signature->verify_recover
157 = OSSL_FUNC_signature_verify_recover(fns);
158 break;
159 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT:
160 if (signature->digest_sign_init != NULL)
161 break;
162 signature->digest_sign_init
163 = OSSL_FUNC_signature_digest_sign_init(fns);
164 initfncnt++;
165 break;
166 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE:
167 if (signature->digest_sign_update != NULL)
168 break;
169 signature->digest_sign_update
170 = OSSL_FUNC_signature_digest_sign_update(fns);
171 break;
172 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL:
173 if (signature->digest_sign_final != NULL)
174 break;
175 signature->digest_sign_final
176 = OSSL_FUNC_signature_digest_sign_final(fns);
177 break;
178 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN:
179 if (signature->digest_sign != NULL)
180 break;
181 signature->digest_sign
182 = OSSL_FUNC_signature_digest_sign(fns);
183 break;
184 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT:
185 if (signature->digest_verify_init != NULL)
186 break;
187 signature->digest_verify_init
188 = OSSL_FUNC_signature_digest_verify_init(fns);
189 initfncnt++;
190 break;
191 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE:
192 if (signature->digest_verify_update != NULL)
193 break;
194 signature->digest_verify_update
195 = OSSL_FUNC_signature_digest_verify_update(fns);
196 break;
197 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL:
198 if (signature->digest_verify_final != NULL)
199 break;
200 signature->digest_verify_final
201 = OSSL_FUNC_signature_digest_verify_final(fns);
202 break;
203 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY:
204 if (signature->digest_verify != NULL)
205 break;
206 signature->digest_verify
207 = OSSL_FUNC_signature_digest_verify(fns);
208 break;
209 case OSSL_FUNC_SIGNATURE_FREECTX:
210 if (signature->freectx != NULL)
211 break;
212 signature->freectx = OSSL_FUNC_signature_freectx(fns);
213 ctxfncnt++;
214 break;
215 case OSSL_FUNC_SIGNATURE_DUPCTX:
216 if (signature->dupctx != NULL)
217 break;
218 signature->dupctx = OSSL_FUNC_signature_dupctx(fns);
219 break;
220 case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS:
221 if (signature->get_ctx_params != NULL)
222 break;
223 signature->get_ctx_params
224 = OSSL_FUNC_signature_get_ctx_params(fns);
225 gparamfncnt++;
226 break;
227 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS:
228 if (signature->gettable_ctx_params != NULL)
229 break;
230 signature->gettable_ctx_params
231 = OSSL_FUNC_signature_gettable_ctx_params(fns);
232 gparamfncnt++;
233 break;
234 case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS:
235 if (signature->set_ctx_params != NULL)
236 break;
237 signature->set_ctx_params
238 = OSSL_FUNC_signature_set_ctx_params(fns);
239 sparamfncnt++;
240 break;
241 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS:
242 if (signature->settable_ctx_params != NULL)
243 break;
244 signature->settable_ctx_params
245 = OSSL_FUNC_signature_settable_ctx_params(fns);
246 sparamfncnt++;
247 break;
248 case OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS:
249 if (signature->get_ctx_md_params != NULL)
250 break;
251 signature->get_ctx_md_params
252 = OSSL_FUNC_signature_get_ctx_md_params(fns);
253 gmdparamfncnt++;
254 break;
255 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS:
256 if (signature->gettable_ctx_md_params != NULL)
257 break;
258 signature->gettable_ctx_md_params
259 = OSSL_FUNC_signature_gettable_ctx_md_params(fns);
260 gmdparamfncnt++;
261 break;
262 case OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS:
263 if (signature->set_ctx_md_params != NULL)
264 break;
265 signature->set_ctx_md_params
266 = OSSL_FUNC_signature_set_ctx_md_params(fns);
267 smdparamfncnt++;
268 break;
269 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS:
270 if (signature->settable_ctx_md_params != NULL)
271 break;
272 signature->settable_ctx_md_params
273 = OSSL_FUNC_signature_settable_ctx_md_params(fns);
274 smdparamfncnt++;
275 break;
276 case OSSL_FUNC_SIGNATURE_QUERY_KEY_TYPES:
277 if (signature->query_key_types != NULL)
278 break;
279 signature->query_key_types
280 = OSSL_FUNC_signature_query_key_types(fns);
281 break;
282 }
283 }
284 /*
285 * In order to be a consistent set of functions we must have at least
286 * a set of context functions (newctx and freectx) as well as a set of
287 * "signature" functions. Because there's an overlap between some sets
288 * of functions, counters don't always cut it, we must test known
289 * combinations.
290 * We start by assuming the implementation is valid, and then look for
291 * reasons it's not.
292 */
293 valid = 1;
294 /* Start with the ones where counters say enough */
295 if (ctxfncnt != 2) {
296 ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
297 "missing %s newctx or freectx:%s", signature->type_name, desc);
298 valid = 0;
299 }
300 if (valid
301 && ((gparamfncnt != 0 && gparamfncnt != 2)
302 || (sparamfncnt != 0 && sparamfncnt != 2)
303 || (gmdparamfncnt != 0 && gmdparamfncnt != 2)
304 || (smdparamfncnt != 0 && smdparamfncnt != 2))) {
305 /*
306 * Params functions are optional, but if defined, they must
307 * be pairwise complete sets, i.e. a getter must have an
308 * associated gettable, etc
309 */
310 ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
311 "missing %s params getter or setter:%s", signature->type_name, desc);
312 valid = 0;
313 }
314 if (valid && initfncnt == 0) {
315 ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
316 "missing %s init:%s", signature->type_name, desc);
317 valid = 0;
318 }
319
320 /* Now we check for function combinations */
321 if (valid
322 && ((signature->sign_init != NULL
323 && signature->sign == NULL)
324 || (signature->sign_message_init != NULL
325 && signature->sign == NULL
326 && (signature->sign_message_update == NULL
327 || signature->sign_message_final == NULL)))) {
328 /* sign_init function(s) with no signing function? That's weird */
329 ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
330 "missing %s signing function:%s", signature->type_name, desc);
331 valid = 0;
332 }
333 if (valid
334 && (signature->sign != NULL
335 || signature->sign_message_update != NULL
336 || signature->sign_message_final != NULL)
337 && signature->sign_init == NULL
338 && signature->sign_message_init == NULL) {
339 /* signing function(s) with no sign_init? That's odd */
340 ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
341 "missing %s sign_init or sign_message_init:%s", signature->type_name, desc);
342 valid = 0;
343 }
344
345 if (valid
346 && ((signature->verify_init != NULL
347 && signature->verify == NULL)
348 || (signature->verify_message_init != NULL
349 && signature->verify == NULL
350 && (signature->verify_message_update == NULL
351 || signature->verify_message_final == NULL)))) {
352 /* verify_init function(s) with no verification function? That's weird */
353 ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
354 "missing %s verification function:%s", signature->type_name, desc);
355 valid = 0;
356 }
357 if (valid
358 && (signature->verify != NULL
359 || signature->verify_message_update != NULL
360 || signature->verify_message_final != NULL)
361 && signature->verify_init == NULL
362 && signature->verify_message_init == NULL) {
363 ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
364 "missing %s verify_init or verify_message_init:%s",
365 signature->type_name, desc);
366 /* verification function(s) with no verify_init? That's odd */
367 valid = 0;
368 }
369
370 if (valid
371 && (signature->verify_recover_init != NULL)
372 && (signature->verify_recover == NULL)) {
373 /* verify_recover_init function with no verify_recover? How quaint */
374 ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
375 "missing %s verify_recover:%s", signature->type_name, desc);
376 valid = 0;
377 }
378
379 if (valid
380 && (signature->digest_sign_init != NULL
381 && signature->digest_sign == NULL
382 && (signature->digest_sign_update == NULL
383 || signature->digest_sign_final == NULL))) {
384 /* You can't have a digest_sign_init without *some* performing functions */
385 ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
386 "missing %s digest_sign function:%s", signature->type_name, desc);
387 valid = 0;
388 }
389
390 if (valid
391 && ((signature->digest_verify_init != NULL
392 && signature->digest_verify == NULL
393 && (signature->digest_verify_update == NULL
394 || signature->digest_verify_final == NULL)))) {
395 /* You can't have a digest_verify_init without *some* performing functions */
396 ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
397 "missing %s digest_verify function:%s", signature->type_name, desc);
398 valid = 0;
399 }
400
401 if (!valid)
402 goto err;
403
404 if ((signature->digest_sign != NULL
405 || signature->digest_sign_update != NULL
406 || signature->digest_sign_final != NULL)
407 && signature->digest_sign_init == NULL) {
408 /* digest signing function(s) with no digest_sign_init? That's odd */
409 ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
410 "missing %s digest_sign_init:%s", signature->type_name, desc);
411 goto err;
412 }
413
414 if ((signature->digest_verify != NULL
415 || signature->digest_verify_update != NULL
416 || signature->digest_verify_final != NULL)
417 && signature->digest_verify_init == NULL) {
418 /* digest verification function(s) with no digest_verify_init? That's odd */
419 ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
420 "missing %s digest_verify_init:%s", signature->type_name, desc);
421 goto err;
422 }
423
424 if ((signature->sign_message_update == NULL) !=
425 (signature->sign_message_final == NULL)) {
426 ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
427 "only one of %s message signing update and final available:%s",
428 signature->type_name, desc);
429 goto err;
430 }
431 if ((signature->verify_message_update == NULL) !=
432 (signature->verify_message_final == NULL)) {
433 ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
434 "only one of %s message verification update and final available:%s",
435 signature->type_name, desc);
436 goto err;
437 }
438 if ((signature->digest_sign_update == NULL) !=
439 (signature->digest_sign_final == NULL)) {
440 ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
441 "only one of %s digest signing update and final available:%s",
442 signature->type_name, desc);
443 goto err;
444 }
445 if ((signature->digest_verify_update == NULL) !=
446 (signature->digest_verify_final == NULL)) {
447 ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
448 "only one of %s digest verification update and final available:%s",
449 signature->type_name, desc);
450 goto err;
451 }
452
453 return signature;
454 err:
455 EVP_SIGNATURE_free(signature);
456 return NULL;
457 }
458
EVP_SIGNATURE_free(EVP_SIGNATURE * signature)459 void EVP_SIGNATURE_free(EVP_SIGNATURE *signature)
460 {
461 int i;
462
463 if (signature == NULL)
464 return;
465 CRYPTO_DOWN_REF(&signature->refcnt, &i);
466 if (i > 0)
467 return;
468 OPENSSL_free(signature->type_name);
469 ossl_provider_free(signature->prov);
470 CRYPTO_FREE_REF(&signature->refcnt);
471 OPENSSL_free(signature);
472 }
473
EVP_SIGNATURE_up_ref(EVP_SIGNATURE * signature)474 int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature)
475 {
476 int ref = 0;
477
478 CRYPTO_UP_REF(&signature->refcnt, &ref);
479 return 1;
480 }
481
EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE * signature)482 OSSL_PROVIDER *EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE *signature)
483 {
484 return signature->prov;
485 }
486
EVP_SIGNATURE_fetch(OSSL_LIB_CTX * ctx,const char * algorithm,const char * properties)487 EVP_SIGNATURE *EVP_SIGNATURE_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
488 const char *properties)
489 {
490 return evp_generic_fetch(ctx, OSSL_OP_SIGNATURE, algorithm, properties,
491 evp_signature_from_algorithm,
492 evp_signature_up_ref,
493 evp_signature_free);
494 }
495
evp_signature_fetch_from_prov(OSSL_PROVIDER * prov,const char * algorithm,const char * properties)496 EVP_SIGNATURE *evp_signature_fetch_from_prov(OSSL_PROVIDER *prov,
497 const char *algorithm,
498 const char *properties)
499 {
500 return evp_generic_fetch_from_prov(prov, OSSL_OP_SIGNATURE,
501 algorithm, properties,
502 evp_signature_from_algorithm,
503 evp_signature_up_ref,
504 evp_signature_free);
505 }
506
EVP_SIGNATURE_is_a(const EVP_SIGNATURE * signature,const char * name)507 int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name)
508 {
509 return signature != NULL
510 && evp_is_a(signature->prov, signature->name_id, NULL, name);
511 }
512
evp_signature_get_number(const EVP_SIGNATURE * signature)513 int evp_signature_get_number(const EVP_SIGNATURE *signature)
514 {
515 return signature->name_id;
516 }
517
EVP_SIGNATURE_get0_name(const EVP_SIGNATURE * signature)518 const char *EVP_SIGNATURE_get0_name(const EVP_SIGNATURE *signature)
519 {
520 return signature->type_name;
521 }
522
EVP_SIGNATURE_get0_description(const EVP_SIGNATURE * signature)523 const char *EVP_SIGNATURE_get0_description(const EVP_SIGNATURE *signature)
524 {
525 return signature->description;
526 }
527
EVP_SIGNATURE_do_all_provided(OSSL_LIB_CTX * libctx,void (* fn)(EVP_SIGNATURE * signature,void * arg),void * arg)528 void EVP_SIGNATURE_do_all_provided(OSSL_LIB_CTX *libctx,
529 void (*fn)(EVP_SIGNATURE *signature,
530 void *arg),
531 void *arg)
532 {
533 evp_generic_do_all(libctx, OSSL_OP_SIGNATURE,
534 (void (*)(void *, void *))fn, arg,
535 evp_signature_from_algorithm,
536 evp_signature_up_ref,
537 evp_signature_free);
538 }
539
540
EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE * signature,void (* fn)(const char * name,void * data),void * data)541 int EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature,
542 void (*fn)(const char *name, void *data),
543 void *data)
544 {
545 if (signature->prov != NULL)
546 return evp_names_do_all(signature->prov, signature->name_id, fn, data);
547
548 return 1;
549 }
550
EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE * sig)551 const OSSL_PARAM *EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig)
552 {
553 void *provctx;
554
555 if (sig == NULL || sig->gettable_ctx_params == NULL)
556 return NULL;
557
558 provctx = ossl_provider_ctx(EVP_SIGNATURE_get0_provider(sig));
559 return sig->gettable_ctx_params(NULL, provctx);
560 }
561
EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE * sig)562 const OSSL_PARAM *EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE *sig)
563 {
564 void *provctx;
565
566 if (sig == NULL || sig->settable_ctx_params == NULL)
567 return NULL;
568
569 provctx = ossl_provider_ctx(EVP_SIGNATURE_get0_provider(sig));
570 return sig->settable_ctx_params(NULL, provctx);
571 }
572
evp_pkey_signature_init(EVP_PKEY_CTX * ctx,EVP_SIGNATURE * signature,int operation,const OSSL_PARAM params[])573 static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature,
574 int operation, const OSSL_PARAM params[])
575 {
576 const char *desc;
577 int ret = 0;
578 void *provkey = NULL;
579 EVP_KEYMGMT *tmp_keymgmt = NULL;
580 const OSSL_PROVIDER *tmp_prov = NULL;
581 const char *supported_sig = NULL;
582 int iter;
583
584 if (ctx == NULL) {
585 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
586 return -1;
587 }
588
589 evp_pkey_ctx_free_old_ops(ctx);
590 ctx->operation = operation;
591
592 if (signature != NULL) {
593 /*
594 * It's important to figure out what the key type should be, and if
595 * that is what we have in ctx.
596 */
597
598 EVP_KEYMGMT *tmp_keymgmt_tofree = NULL;
599
600 if (ctx->pkey == NULL) {
601 ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
602 goto err;
603 }
604
605 /*
606 * Ensure that the key is provided, either natively, or as a
607 * cached export. We start by fetching the keymgmt with the same
608 * name as |ctx->pkey|, but from the provider of the signature
609 * method, using the same property query as when fetching the
610 * signature method. With the keymgmt we found (if we did), we
611 * try to export |ctx->pkey| to it (evp_pkey_export_to_provider()
612 * is smart enough to only actually export it if |tmp_keymgmt|
613 * is different from |ctx->pkey|'s keymgmt)
614 */
615 tmp_prov = EVP_SIGNATURE_get0_provider(signature);
616 tmp_keymgmt_tofree = tmp_keymgmt =
617 evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
618 EVP_KEYMGMT_get0_name(ctx->keymgmt),
619 ctx->propquery);
620 if (tmp_keymgmt != NULL)
621 provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
622 &tmp_keymgmt, ctx->propquery);
623 if (tmp_keymgmt == NULL)
624 EVP_KEYMGMT_free(tmp_keymgmt_tofree);
625
626 if (provkey == NULL)
627 goto end;
628
629 /*
630 * Check that the signature matches the given key. This is not
631 * designed to work with legacy keys, so has to be done after we've
632 * ensured that the key is at least exported to a provider (above).
633 */
634 if (signature->query_key_types != NULL) {
635 /* This is expected to be a NULL-terminated array */
636 const char **keytypes;
637
638 keytypes = signature->query_key_types();
639 for (; *keytypes != NULL; keytypes++)
640 if (EVP_PKEY_CTX_is_a(ctx, *keytypes))
641 break;
642 if (*keytypes == NULL) {
643 ERR_raise(ERR_LIB_EVP, EVP_R_SIGNATURE_TYPE_AND_KEY_TYPE_INCOMPATIBLE);
644 return -2;
645 }
646 } else {
647 /*
648 * Fallback 1:
649 * check if the keytype is the same as the signature algorithm name
650 */
651 const char *keytype = EVP_KEYMGMT_get0_name(ctx->keymgmt);
652 int ok = EVP_SIGNATURE_is_a(signature, keytype);
653
654 /*
655 * Fallback 2:
656 * query the pkey for a default signature algorithm name, and check
657 * if it matches the signature implementation
658 */
659 if (!ok) {
660 const char *signame
661 = evp_keymgmt_util_query_operation_name(ctx->keymgmt,
662 OSSL_OP_SIGNATURE);
663
664 ok = EVP_SIGNATURE_is_a(signature, signame);
665 }
666
667 /* If none of the fallbacks helped, we're lost */
668 if (!ok) {
669 ERR_raise(ERR_LIB_EVP, EVP_R_SIGNATURE_TYPE_AND_KEY_TYPE_INCOMPATIBLE);
670 return -2;
671 }
672 }
673
674 if (!EVP_SIGNATURE_up_ref(signature))
675 return 0;
676 } else {
677 /* Without a pre-fetched signature, it must be figured out somehow */
678 ERR_set_mark();
679
680 if (evp_pkey_ctx_is_legacy(ctx))
681 goto legacy;
682
683 if (ctx->pkey == NULL) {
684 ERR_clear_last_mark();
685 ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
686 goto err;
687 }
688
689 /*
690 * Try to derive the supported signature from |ctx->keymgmt|.
691 */
692 if (!ossl_assert(ctx->pkey->keymgmt == NULL
693 || ctx->pkey->keymgmt == ctx->keymgmt)) {
694 ERR_clear_last_mark();
695 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
696 goto err;
697 }
698 supported_sig
699 = evp_keymgmt_util_query_operation_name(ctx->keymgmt,
700 OSSL_OP_SIGNATURE);
701 if (supported_sig == NULL) {
702 ERR_clear_last_mark();
703 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
704 goto err;
705 }
706
707 /*
708 * We perform two iterations:
709 *
710 * 1. Do the normal signature fetch, using the fetching data given by
711 * the EVP_PKEY_CTX.
712 * 2. Do the provider specific signature fetch, from the same provider
713 * as |ctx->keymgmt|
714 *
715 * We then try to fetch the keymgmt from the same provider as the
716 * signature, and try to export |ctx->pkey| to that keymgmt (when
717 * this keymgmt happens to be the same as |ctx->keymgmt|, the export
718 * is a no-op, but we call it anyway to not complicate the code even
719 * more).
720 * If the export call succeeds (returns a non-NULL provider key pointer),
721 * we're done and can perform the operation itself. If not, we perform
722 * the second iteration, or jump to legacy.
723 */
724 for (iter = 1; iter < 3 && provkey == NULL; iter++) {
725 EVP_KEYMGMT *tmp_keymgmt_tofree = NULL;
726
727 /*
728 * If we're on the second iteration, free the results from the first.
729 * They are NULL on the first iteration, so no need to check what
730 * iteration we're on.
731 */
732 EVP_SIGNATURE_free(signature);
733 EVP_KEYMGMT_free(tmp_keymgmt);
734
735 switch (iter) {
736 case 1:
737 signature =
738 EVP_SIGNATURE_fetch(ctx->libctx, supported_sig, ctx->propquery);
739 if (signature != NULL)
740 tmp_prov = EVP_SIGNATURE_get0_provider(signature);
741 break;
742 case 2:
743 tmp_prov = EVP_KEYMGMT_get0_provider(ctx->keymgmt);
744 signature =
745 evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
746 supported_sig, ctx->propquery);
747 if (signature == NULL)
748 goto legacy;
749 break;
750 }
751 if (signature == NULL)
752 continue;
753
754 /*
755 * Ensure that the key is provided, either natively, or as a
756 * cached export. We start by fetching the keymgmt with the same
757 * name as |ctx->pkey|, but from the provider of the signature
758 * method, using the same property query as when fetching the
759 * signature method. With the keymgmt we found (if we did), we
760 * try to export |ctx->pkey| to it (evp_pkey_export_to_provider()
761 * is smart enough to only actually export it if |tmp_keymgmt|
762 * is different from |ctx->pkey|'s keymgmt)
763 */
764 tmp_keymgmt_tofree = tmp_keymgmt =
765 evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
766 EVP_KEYMGMT_get0_name(ctx->keymgmt),
767 ctx->propquery);
768 if (tmp_keymgmt != NULL)
769 provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
770 &tmp_keymgmt, ctx->propquery);
771 if (tmp_keymgmt == NULL)
772 EVP_KEYMGMT_free(tmp_keymgmt_tofree);
773 }
774
775 if (provkey == NULL) {
776 EVP_SIGNATURE_free(signature);
777 goto legacy;
778 }
779
780 ERR_pop_to_mark();
781 }
782
783 /* No more legacy from here down to legacy: */
784
785 ctx->op.sig.signature = signature;
786 desc = signature->description != NULL ? signature->description : "";
787
788 ctx->op.sig.algctx =
789 signature->newctx(ossl_provider_ctx(signature->prov), ctx->propquery);
790 if (ctx->op.sig.algctx == NULL) {
791 /* The provider key can stay in the cache */
792 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
793 goto err;
794 }
795
796 switch (operation) {
797 case EVP_PKEY_OP_SIGN:
798 if (signature->sign_init == NULL) {
799 ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
800 "%s sign_init:%s", signature->type_name, desc);
801 ret = -2;
802 goto err;
803 }
804 ret = signature->sign_init(ctx->op.sig.algctx, provkey, params);
805 break;
806 case EVP_PKEY_OP_SIGNMSG:
807 if (signature->sign_message_init == NULL) {
808 ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
809 "%s sign_message_init:%s", signature->type_name, desc);
810 ret = -2;
811 goto err;
812 }
813 ret = signature->sign_message_init(ctx->op.sig.algctx, provkey, params);
814 break;
815 case EVP_PKEY_OP_VERIFY:
816 if (signature->verify_init == NULL) {
817 ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
818 "%s verify_init:%s", signature->type_name, desc);
819 ret = -2;
820 goto err;
821 }
822 ret = signature->verify_init(ctx->op.sig.algctx, provkey, params);
823 break;
824 case EVP_PKEY_OP_VERIFYMSG:
825 if (signature->verify_message_init == NULL) {
826 ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
827 "%s verify_message_init:%s", signature->type_name, desc);
828 ret = -2;
829 goto err;
830 }
831 ret = signature->verify_message_init(ctx->op.sig.algctx, provkey, params);
832 break;
833 case EVP_PKEY_OP_VERIFYRECOVER:
834 if (signature->verify_recover_init == NULL) {
835 ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
836 "%s verify_recover_init:%s", signature->type_name, desc);
837 ret = -2;
838 goto err;
839 }
840 ret = signature->verify_recover_init(ctx->op.sig.algctx, provkey, params);
841 break;
842 default:
843 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
844 goto err;
845 }
846
847 if (ret <= 0) {
848 signature->freectx(ctx->op.sig.algctx);
849 ctx->op.sig.algctx = NULL;
850 goto err;
851 }
852 goto end;
853
854 legacy:
855 /*
856 * If we don't have the full support we need with provided methods,
857 * let's go see if legacy does.
858 */
859 ERR_pop_to_mark();
860 EVP_KEYMGMT_free(tmp_keymgmt);
861 tmp_keymgmt = NULL;
862
863 if (ctx->pmeth == NULL
864 || (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL)
865 || (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL)
866 || (operation == EVP_PKEY_OP_VERIFYRECOVER
867 && ctx->pmeth->verify_recover == NULL)) {
868 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
869 return -2;
870 }
871
872 switch (operation) {
873 case EVP_PKEY_OP_SIGN:
874 if (ctx->pmeth->sign_init == NULL)
875 return 1;
876 ret = ctx->pmeth->sign_init(ctx);
877 break;
878 case EVP_PKEY_OP_VERIFY:
879 if (ctx->pmeth->verify_init == NULL)
880 return 1;
881 ret = ctx->pmeth->verify_init(ctx);
882 break;
883 case EVP_PKEY_OP_VERIFYRECOVER:
884 if (ctx->pmeth->verify_recover_init == NULL)
885 return 1;
886 ret = ctx->pmeth->verify_recover_init(ctx);
887 break;
888 default:
889 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
890 goto err;
891 }
892 if (ret <= 0)
893 goto err;
894 end:
895 #ifndef FIPS_MODULE
896 if (ret > 0)
897 ret = evp_pkey_ctx_use_cached_data(ctx);
898 #endif
899
900 EVP_KEYMGMT_free(tmp_keymgmt);
901 return ret;
902 err:
903 evp_pkey_ctx_free_old_ops(ctx);
904 ctx->operation = EVP_PKEY_OP_UNDEFINED;
905 EVP_KEYMGMT_free(tmp_keymgmt);
906 return ret;
907 }
908
EVP_PKEY_sign_init(EVP_PKEY_CTX * ctx)909 int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
910 {
911 return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_SIGN, NULL);
912 }
913
EVP_PKEY_sign_init_ex(EVP_PKEY_CTX * ctx,const OSSL_PARAM params[])914 int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
915 {
916 return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_SIGN, params);
917 }
918
EVP_PKEY_sign_init_ex2(EVP_PKEY_CTX * ctx,EVP_SIGNATURE * algo,const OSSL_PARAM params[])919 int EVP_PKEY_sign_init_ex2(EVP_PKEY_CTX *ctx,
920 EVP_SIGNATURE *algo, const OSSL_PARAM params[])
921 {
922 return evp_pkey_signature_init(ctx, algo, EVP_PKEY_OP_SIGN, params);
923 }
924
EVP_PKEY_sign_message_init(EVP_PKEY_CTX * ctx,EVP_SIGNATURE * algo,const OSSL_PARAM params[])925 int EVP_PKEY_sign_message_init(EVP_PKEY_CTX *ctx,
926 EVP_SIGNATURE *algo, const OSSL_PARAM params[])
927 {
928 return evp_pkey_signature_init(ctx, algo, EVP_PKEY_OP_SIGNMSG, params);
929 }
930
EVP_PKEY_sign_message_update(EVP_PKEY_CTX * ctx,const unsigned char * in,size_t inlen)931 int EVP_PKEY_sign_message_update(EVP_PKEY_CTX *ctx,
932 const unsigned char *in, size_t inlen)
933 {
934 EVP_SIGNATURE *signature;
935 const char *desc;
936 int ret;
937
938 if (ctx == NULL) {
939 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
940 return -1;
941 }
942
943 if (ctx->operation != EVP_PKEY_OP_SIGNMSG) {
944 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
945 return -1;
946 }
947
948 signature = ctx->op.sig.signature;
949 desc = signature->description != NULL ? signature->description : "";
950 if (signature->sign_message_update == NULL) {
951 ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
952 "%s sign_message_update:%s", signature->type_name, desc);
953 return -2;
954 }
955
956 ret = signature->sign_message_update(ctx->op.sig.algctx, in, inlen);
957 if (ret <= 0)
958 ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
959 "%s sign_message_update:%s", signature->type_name, desc);
960 return ret;
961 }
962
EVP_PKEY_sign_message_final(EVP_PKEY_CTX * ctx,unsigned char * sig,size_t * siglen)963 int EVP_PKEY_sign_message_final(EVP_PKEY_CTX *ctx,
964 unsigned char *sig, size_t *siglen)
965 {
966 EVP_SIGNATURE *signature;
967 const char *desc;
968 int ret;
969
970 if (ctx == NULL) {
971 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
972 return -1;
973 }
974
975 if (ctx->operation != EVP_PKEY_OP_SIGNMSG) {
976 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
977 return -1;
978 }
979
980 signature = ctx->op.sig.signature;
981 desc = signature->description != NULL ? signature->description : "";
982 if (signature->sign_message_final == NULL) {
983 ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
984 "%s sign_message_final:%s", signature->type_name, desc);
985 return -2;
986 }
987
988 ret = signature->sign_message_final(ctx->op.sig.algctx, sig, siglen,
989 (sig == NULL) ? 0 : *siglen);
990 if (ret <= 0)
991 ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
992 "%s sign_message_final:%s", signature->type_name, desc);
993 return ret;
994 }
995
EVP_PKEY_sign(EVP_PKEY_CTX * ctx,unsigned char * sig,size_t * siglen,const unsigned char * tbs,size_t tbslen)996 int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
997 unsigned char *sig, size_t *siglen,
998 const unsigned char *tbs, size_t tbslen)
999 {
1000 EVP_SIGNATURE *signature;
1001 const char *desc;
1002 int ret;
1003
1004 if (ctx == NULL) {
1005 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
1006 return -1;
1007 }
1008
1009 if (ctx->operation != EVP_PKEY_OP_SIGN
1010 && ctx->operation != EVP_PKEY_OP_SIGNMSG) {
1011 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
1012 return -1;
1013 }
1014
1015 if (ctx->op.sig.algctx == NULL)
1016 goto legacy;
1017
1018 signature = ctx->op.sig.signature;
1019 desc = signature->description != NULL ? signature->description : "";
1020 if (signature->sign == NULL) {
1021 ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
1022 "%s sign:%s", signature->type_name, desc);
1023 return -2;
1024 }
1025
1026 ret = signature->sign(ctx->op.sig.algctx, sig, siglen,
1027 (sig == NULL) ? 0 : *siglen, tbs, tbslen);
1028 if (ret <= 0)
1029 ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
1030 "%s sign:%s", signature->type_name, desc);
1031 return ret;
1032 legacy:
1033
1034 if (ctx->pmeth == NULL || ctx->pmeth->sign == NULL) {
1035 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
1036 return -2;
1037 }
1038
1039 M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
1040 return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
1041 }
1042
EVP_PKEY_verify_init(EVP_PKEY_CTX * ctx)1043 int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
1044 {
1045 return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_VERIFY, NULL);
1046 }
1047
EVP_PKEY_verify_init_ex(EVP_PKEY_CTX * ctx,const OSSL_PARAM params[])1048 int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
1049 {
1050 return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_VERIFY, params);
1051 }
1052
EVP_PKEY_verify_init_ex2(EVP_PKEY_CTX * ctx,EVP_SIGNATURE * algo,const OSSL_PARAM params[])1053 int EVP_PKEY_verify_init_ex2(EVP_PKEY_CTX *ctx,
1054 EVP_SIGNATURE *algo, const OSSL_PARAM params[])
1055 {
1056 return evp_pkey_signature_init(ctx, algo, EVP_PKEY_OP_VERIFY, params);
1057 }
1058
EVP_PKEY_verify_message_init(EVP_PKEY_CTX * ctx,EVP_SIGNATURE * algo,const OSSL_PARAM params[])1059 int EVP_PKEY_verify_message_init(EVP_PKEY_CTX *ctx,
1060 EVP_SIGNATURE *algo, const OSSL_PARAM params[])
1061 {
1062 return evp_pkey_signature_init(ctx, algo, EVP_PKEY_OP_VERIFYMSG, params);
1063 }
1064
EVP_PKEY_CTX_set_signature(EVP_PKEY_CTX * ctx,const unsigned char * sig,size_t siglen)1065 int EVP_PKEY_CTX_set_signature(EVP_PKEY_CTX *ctx,
1066 const unsigned char *sig, size_t siglen)
1067 {
1068 OSSL_PARAM sig_params[2], *p = sig_params;
1069
1070 if (ctx == NULL) {
1071 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
1072 return 0;
1073 }
1074
1075 *p++ = OSSL_PARAM_construct_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE,
1076 /*
1077 * Cast away the const. This is
1078 * read only so should be safe
1079 */
1080 (char *)sig, siglen);
1081 *p = OSSL_PARAM_construct_end();
1082
1083 return EVP_PKEY_CTX_set_params(ctx, sig_params);
1084 }
1085
EVP_PKEY_verify_message_update(EVP_PKEY_CTX * ctx,const unsigned char * in,size_t inlen)1086 int EVP_PKEY_verify_message_update(EVP_PKEY_CTX *ctx,
1087 const unsigned char *in, size_t inlen)
1088 {
1089 EVP_SIGNATURE *signature;
1090 const char *desc;
1091 int ret;
1092
1093 if (ctx == NULL) {
1094 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
1095 return -1;
1096 }
1097
1098 if (ctx->operation != EVP_PKEY_OP_VERIFYMSG) {
1099 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
1100 return -1;
1101 }
1102
1103 signature = ctx->op.sig.signature;
1104 desc = signature->description != NULL ? signature->description : "";
1105 if (signature->verify_message_update == NULL) {
1106 ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
1107 "%s verify_message_update:%s", signature->type_name, desc);
1108 return -2;
1109 }
1110
1111 ret = signature->verify_message_update(ctx->op.sig.algctx, in, inlen);
1112 if (ret <= 0)
1113 ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
1114 "%s verify_message_update:%s", signature->type_name, desc);
1115 return ret;
1116 }
1117
EVP_PKEY_verify_message_final(EVP_PKEY_CTX * ctx)1118 int EVP_PKEY_verify_message_final(EVP_PKEY_CTX *ctx)
1119 {
1120 EVP_SIGNATURE *signature;
1121 const char *desc;
1122 int ret;
1123
1124 if (ctx == NULL) {
1125 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
1126 return -1;
1127 }
1128
1129 if (ctx->operation != EVP_PKEY_OP_VERIFYMSG) {
1130 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
1131 return -1;
1132 }
1133
1134 signature = ctx->op.sig.signature;
1135 desc = signature->description != NULL ? signature->description : "";
1136 if (signature->verify_message_final == NULL) {
1137 ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
1138 "%s verify_message_final:%s", signature->type_name, desc);
1139 return -2;
1140 }
1141
1142 /* The signature must have been set with EVP_PKEY_CTX_set_signature() */
1143 ret = signature->verify_message_final(ctx->op.sig.algctx);
1144 if (ret <= 0)
1145 ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
1146 "%s verify_message_final:%s", signature->type_name, desc);
1147 return ret;
1148 }
1149
EVP_PKEY_verify(EVP_PKEY_CTX * ctx,const unsigned char * sig,size_t siglen,const unsigned char * tbs,size_t tbslen)1150 int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
1151 const unsigned char *sig, size_t siglen,
1152 const unsigned char *tbs, size_t tbslen)
1153 {
1154 EVP_SIGNATURE *signature;
1155 const char *desc;
1156 int ret;
1157
1158 if (ctx == NULL) {
1159 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
1160 return -1;
1161 }
1162
1163 if (ctx->operation != EVP_PKEY_OP_VERIFY
1164 && ctx->operation != EVP_PKEY_OP_VERIFYMSG) {
1165 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
1166 return -1;
1167 }
1168
1169 if (ctx->op.sig.algctx == NULL)
1170 goto legacy;
1171
1172 signature = ctx->op.sig.signature;
1173 desc = signature->description != NULL ? signature->description : "";
1174 if (signature->verify == NULL) {
1175 ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
1176 "%s verify:%s", signature->type_name, desc);
1177 return -2;
1178 }
1179
1180 ret = ctx->op.sig.signature->verify(ctx->op.sig.algctx, sig, siglen,
1181 tbs, tbslen);
1182 if (ret <= 0)
1183 ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
1184 "%s verify:%s", signature->type_name, desc);
1185
1186 return ret;
1187 legacy:
1188 if (ctx->pmeth == NULL || ctx->pmeth->verify == NULL) {
1189 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
1190 return -2;
1191 }
1192
1193 return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
1194 }
1195
EVP_PKEY_verify_recover_init(EVP_PKEY_CTX * ctx)1196 int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
1197 {
1198 return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_VERIFYRECOVER, NULL);
1199 }
1200
EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX * ctx,const OSSL_PARAM params[])1201 int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx,
1202 const OSSL_PARAM params[])
1203 {
1204 return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_VERIFYRECOVER, params);
1205 }
1206
EVP_PKEY_verify_recover_init_ex2(EVP_PKEY_CTX * ctx,EVP_SIGNATURE * algo,const OSSL_PARAM params[])1207 int EVP_PKEY_verify_recover_init_ex2(EVP_PKEY_CTX *ctx,
1208 EVP_SIGNATURE *algo, const OSSL_PARAM params[])
1209 {
1210 return evp_pkey_signature_init(ctx, algo, EVP_PKEY_OP_VERIFYRECOVER, params);
1211 }
1212
EVP_PKEY_verify_recover(EVP_PKEY_CTX * ctx,unsigned char * rout,size_t * routlen,const unsigned char * sig,size_t siglen)1213 int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
1214 unsigned char *rout, size_t *routlen,
1215 const unsigned char *sig, size_t siglen)
1216 {
1217 EVP_SIGNATURE *signature;
1218 const char *desc;
1219 int ret;
1220
1221 if (ctx == NULL) {
1222 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
1223 return -1;
1224 }
1225
1226 if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
1227 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
1228 return -1;
1229 }
1230
1231 if (ctx->op.sig.algctx == NULL)
1232 goto legacy;
1233
1234 signature = ctx->op.sig.signature;
1235 desc = signature->description != NULL ? signature->description : "";
1236 if (signature->verify_recover == NULL) {
1237 ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
1238 "%s verify_recover:%s", signature->type_name, desc);
1239 return -2;
1240 }
1241
1242 ret = signature->verify_recover(ctx->op.sig.algctx, rout, routlen,
1243 (rout == NULL ? 0 : *routlen), sig, siglen);
1244 if (ret <= 0)
1245 ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
1246 "%s verify_recover:%s", signature->type_name, desc);
1247 return ret;
1248 legacy:
1249 if (ctx->pmeth == NULL || ctx->pmeth->verify_recover == NULL) {
1250 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
1251 return -2;
1252 }
1253 M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
1254 return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
1255 }
1256