1 /*
2 * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/err.h>
11 #include <stdio.h>
12 #include <stdlib.h>
13 #include <openssl/core_names.h>
14 #include <openssl/objects.h>
15 #include <openssl/evp.h>
16 #include "internal/numbers.h" /* includes SIZE_MAX */
17 #include "internal/cryptlib.h"
18 #include "internal/provider.h"
19 #include "internal/core.h"
20 #include "crypto/evp.h"
21 #include "evp_local.h"
22
evp_signature_new(OSSL_PROVIDER * prov)23 static EVP_SIGNATURE *evp_signature_new(OSSL_PROVIDER *prov)
24 {
25 EVP_SIGNATURE *signature = OPENSSL_zalloc(sizeof(EVP_SIGNATURE));
26
27 if (signature == NULL)
28 return NULL;
29
30 if (!CRYPTO_NEW_REF(&signature->refcnt, 1)) {
31 OPENSSL_free(signature);
32 return NULL;
33 }
34
35 signature->prov = prov;
36 ossl_provider_up_ref(prov);
37
38 return signature;
39 }
40
evp_signature_from_algorithm(int name_id,const OSSL_ALGORITHM * algodef,OSSL_PROVIDER * prov)41 static void *evp_signature_from_algorithm(int name_id,
42 const OSSL_ALGORITHM *algodef,
43 OSSL_PROVIDER *prov)
44 {
45 const OSSL_DISPATCH *fns = algodef->implementation;
46 EVP_SIGNATURE *signature = NULL;
47 /* Counts newctx / freectx */
48 int ctxfncnt = 0;
49 /* Counts all init functions */
50 int initfncnt = 0;
51 /* Counts all parameter functions */
52 int gparamfncnt = 0, sparamfncnt = 0, gmdparamfncnt = 0, smdparamfncnt = 0;
53 int valid = 0;
54
55 if ((signature = evp_signature_new(prov)) == NULL) {
56 ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
57 goto err;
58 }
59
60 signature->name_id = name_id;
61 if ((signature->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL)
62 goto err;
63 signature->description = algodef->algorithm_description;
64
65 for (; fns->function_id != 0; fns++) {
66 switch (fns->function_id) {
67 case OSSL_FUNC_SIGNATURE_NEWCTX:
68 if (signature->newctx != NULL)
69 break;
70 signature->newctx = OSSL_FUNC_signature_newctx(fns);
71 ctxfncnt++;
72 break;
73 case OSSL_FUNC_SIGNATURE_SIGN_INIT:
74 if (signature->sign_init != NULL)
75 break;
76 signature->sign_init = OSSL_FUNC_signature_sign_init(fns);
77 initfncnt++;
78 break;
79 case OSSL_FUNC_SIGNATURE_SIGN:
80 if (signature->sign != NULL)
81 break;
82 signature->sign = OSSL_FUNC_signature_sign(fns);
83 break;
84 case OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_INIT:
85 if (signature->sign_message_init != NULL)
86 break;
87 signature->sign_message_init
88 = OSSL_FUNC_signature_sign_message_init(fns);
89 initfncnt++;
90 break;
91 case OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_UPDATE:
92 if (signature->sign_message_update != NULL)
93 break;
94 signature->sign_message_update
95 = OSSL_FUNC_signature_sign_message_update(fns);
96 break;
97 case OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_FINAL:
98 if (signature->sign_message_final != NULL)
99 break;
100 signature->sign_message_final
101 = OSSL_FUNC_signature_sign_message_final(fns);
102 break;
103 case OSSL_FUNC_SIGNATURE_VERIFY_INIT:
104 if (signature->verify_init != NULL)
105 break;
106 signature->verify_init = OSSL_FUNC_signature_verify_init(fns);
107 initfncnt++;
108 break;
109 case OSSL_FUNC_SIGNATURE_VERIFY:
110 if (signature->verify != NULL)
111 break;
112 signature->verify = OSSL_FUNC_signature_verify(fns);
113 break;
114 case OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_INIT:
115 if (signature->verify_message_init != NULL)
116 break;
117 signature->verify_message_init
118 = OSSL_FUNC_signature_verify_message_init(fns);
119 initfncnt++;
120 break;
121 case OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_UPDATE:
122 if (signature->verify_message_update != NULL)
123 break;
124 signature->verify_message_update
125 = OSSL_FUNC_signature_verify_message_update(fns);
126 break;
127 case OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_FINAL:
128 if (signature->verify_message_final != NULL)
129 break;
130 signature->verify_message_final
131 = OSSL_FUNC_signature_verify_message_final(fns);
132 break;
133 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT:
134 if (signature->verify_recover_init != NULL)
135 break;
136 signature->verify_recover_init
137 = OSSL_FUNC_signature_verify_recover_init(fns);
138 initfncnt++;
139 break;
140 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER:
141 if (signature->verify_recover != NULL)
142 break;
143 signature->verify_recover
144 = OSSL_FUNC_signature_verify_recover(fns);
145 break;
146 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT:
147 if (signature->digest_sign_init != NULL)
148 break;
149 signature->digest_sign_init
150 = OSSL_FUNC_signature_digest_sign_init(fns);
151 initfncnt++;
152 break;
153 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE:
154 if (signature->digest_sign_update != NULL)
155 break;
156 signature->digest_sign_update
157 = OSSL_FUNC_signature_digest_sign_update(fns);
158 break;
159 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL:
160 if (signature->digest_sign_final != NULL)
161 break;
162 signature->digest_sign_final
163 = OSSL_FUNC_signature_digest_sign_final(fns);
164 break;
165 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN:
166 if (signature->digest_sign != NULL)
167 break;
168 signature->digest_sign
169 = OSSL_FUNC_signature_digest_sign(fns);
170 break;
171 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT:
172 if (signature->digest_verify_init != NULL)
173 break;
174 signature->digest_verify_init
175 = OSSL_FUNC_signature_digest_verify_init(fns);
176 initfncnt++;
177 break;
178 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE:
179 if (signature->digest_verify_update != NULL)
180 break;
181 signature->digest_verify_update
182 = OSSL_FUNC_signature_digest_verify_update(fns);
183 break;
184 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL:
185 if (signature->digest_verify_final != NULL)
186 break;
187 signature->digest_verify_final
188 = OSSL_FUNC_signature_digest_verify_final(fns);
189 break;
190 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY:
191 if (signature->digest_verify != NULL)
192 break;
193 signature->digest_verify
194 = OSSL_FUNC_signature_digest_verify(fns);
195 break;
196 case OSSL_FUNC_SIGNATURE_FREECTX:
197 if (signature->freectx != NULL)
198 break;
199 signature->freectx = OSSL_FUNC_signature_freectx(fns);
200 ctxfncnt++;
201 break;
202 case OSSL_FUNC_SIGNATURE_DUPCTX:
203 if (signature->dupctx != NULL)
204 break;
205 signature->dupctx = OSSL_FUNC_signature_dupctx(fns);
206 break;
207 case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS:
208 if (signature->get_ctx_params != NULL)
209 break;
210 signature->get_ctx_params
211 = OSSL_FUNC_signature_get_ctx_params(fns);
212 gparamfncnt++;
213 break;
214 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS:
215 if (signature->gettable_ctx_params != NULL)
216 break;
217 signature->gettable_ctx_params
218 = OSSL_FUNC_signature_gettable_ctx_params(fns);
219 gparamfncnt++;
220 break;
221 case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS:
222 if (signature->set_ctx_params != NULL)
223 break;
224 signature->set_ctx_params
225 = OSSL_FUNC_signature_set_ctx_params(fns);
226 sparamfncnt++;
227 break;
228 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS:
229 if (signature->settable_ctx_params != NULL)
230 break;
231 signature->settable_ctx_params
232 = OSSL_FUNC_signature_settable_ctx_params(fns);
233 sparamfncnt++;
234 break;
235 case OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS:
236 if (signature->get_ctx_md_params != NULL)
237 break;
238 signature->get_ctx_md_params
239 = OSSL_FUNC_signature_get_ctx_md_params(fns);
240 gmdparamfncnt++;
241 break;
242 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS:
243 if (signature->gettable_ctx_md_params != NULL)
244 break;
245 signature->gettable_ctx_md_params
246 = OSSL_FUNC_signature_gettable_ctx_md_params(fns);
247 gmdparamfncnt++;
248 break;
249 case OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS:
250 if (signature->set_ctx_md_params != NULL)
251 break;
252 signature->set_ctx_md_params
253 = OSSL_FUNC_signature_set_ctx_md_params(fns);
254 smdparamfncnt++;
255 break;
256 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS:
257 if (signature->settable_ctx_md_params != NULL)
258 break;
259 signature->settable_ctx_md_params
260 = OSSL_FUNC_signature_settable_ctx_md_params(fns);
261 smdparamfncnt++;
262 break;
263 case OSSL_FUNC_SIGNATURE_QUERY_KEY_TYPES:
264 if (signature->query_key_types != NULL)
265 break;
266 signature->query_key_types
267 = OSSL_FUNC_signature_query_key_types(fns);
268 break;
269 }
270 }
271 /*
272 * In order to be a consistent set of functions we must have at least
273 * a set of context functions (newctx and freectx) as well as a set of
274 * "signature" functions. Because there's an overlap between some sets
275 * of functions, counters don't always cut it, we must test known
276 * combinations.
277 * We start by assuming the implementation is valid, and then look for
278 * reasons it's not.
279 */
280 valid = 1;
281 /* Start with the ones where counters say enough */
282 if (ctxfncnt != 2)
283 /* newctx or freectx missing */
284 valid = 0;
285 if (valid
286 && ((gparamfncnt != 0 && gparamfncnt != 2)
287 || (sparamfncnt != 0 && sparamfncnt != 2)
288 || (gmdparamfncnt != 0 && gmdparamfncnt != 2)
289 || (smdparamfncnt != 0 && smdparamfncnt != 2)))
290 /*
291 * Params functions are optional, but if defined, they must
292 * be pairwise complete sets, i.e. a getter must have an
293 * associated gettable, etc
294 */
295 valid = 0;
296 if (valid && initfncnt == 0)
297 /* No init functions */
298 valid = 0;
299
300 /* Now we check for function combinations */
301 if (valid
302 && ((signature->sign_init != NULL
303 && signature->sign == NULL)
304 || (signature->sign_message_init != NULL
305 && signature->sign == NULL
306 && (signature->sign_message_update == NULL
307 || signature->sign_message_final == NULL))))
308 /* sign_init functions with no signing function? That's weird */
309 valid = 0;
310 if (valid
311 && (signature->sign != NULL
312 || signature->sign_message_update != NULL
313 || signature->sign_message_final != NULL)
314 && signature->sign_init == NULL
315 && signature->sign_message_init == NULL)
316 /* signing functions with no sign_init? That's odd */
317 valid = 0;
318
319 if (valid
320 && ((signature->verify_init != NULL
321 && signature->verify == NULL)
322 || (signature->verify_message_init != NULL
323 && signature->verify == NULL
324 && (signature->verify_message_update == NULL
325 || signature->verify_message_final == NULL))))
326 /* verify_init functions with no verification function? That's weird */
327 valid = 0;
328 if (valid
329 && (signature->verify != NULL
330 || signature->verify_message_update != NULL
331 || signature->verify_message_final != NULL)
332 && signature->verify_init == NULL
333 && signature->verify_message_init == NULL)
334 /* verification functions with no verify_init? That's odd */
335 valid = 0;
336
337 if (valid
338 && (signature->verify_recover_init != NULL)
339 && (signature->verify_recover == NULL))
340 /* verify_recover_init functions with no verify_recover? How quaint */
341 valid = 0;
342
343 if (valid
344 && (signature->digest_sign_init != NULL
345 && signature->digest_sign == NULL
346 && (signature->digest_sign_update == NULL
347 || signature->digest_sign_final == NULL)))
348 /*
349 * You can't have a digest_sign_init without *some* performing functions
350 */
351 valid = 0;
352
353 if (valid
354 && ((signature->digest_verify_init != NULL
355 && signature->digest_verify == NULL
356 && (signature->digest_verify_update == NULL
357 || signature->digest_verify_final == NULL))))
358 /*
359 * You can't have a digest_verify_init without *some* performing functions
360 */
361 valid = 0;
362
363 if (!valid) {
364 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
365 goto err;
366 }
367
368 return signature;
369 err:
370 EVP_SIGNATURE_free(signature);
371 return NULL;
372 }
373
EVP_SIGNATURE_free(EVP_SIGNATURE * signature)374 void EVP_SIGNATURE_free(EVP_SIGNATURE *signature)
375 {
376 int i;
377
378 if (signature == NULL)
379 return;
380 CRYPTO_DOWN_REF(&signature->refcnt, &i);
381 if (i > 0)
382 return;
383 OPENSSL_free(signature->type_name);
384 ossl_provider_free(signature->prov);
385 CRYPTO_FREE_REF(&signature->refcnt);
386 OPENSSL_free(signature);
387 }
388
EVP_SIGNATURE_up_ref(EVP_SIGNATURE * signature)389 int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature)
390 {
391 int ref = 0;
392
393 CRYPTO_UP_REF(&signature->refcnt, &ref);
394 return 1;
395 }
396
EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE * signature)397 OSSL_PROVIDER *EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE *signature)
398 {
399 return signature->prov;
400 }
401
EVP_SIGNATURE_fetch(OSSL_LIB_CTX * ctx,const char * algorithm,const char * properties)402 EVP_SIGNATURE *EVP_SIGNATURE_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
403 const char *properties)
404 {
405 return evp_generic_fetch(ctx, OSSL_OP_SIGNATURE, algorithm, properties,
406 evp_signature_from_algorithm,
407 (int (*)(void *))EVP_SIGNATURE_up_ref,
408 (void (*)(void *))EVP_SIGNATURE_free);
409 }
410
evp_signature_fetch_from_prov(OSSL_PROVIDER * prov,const char * algorithm,const char * properties)411 EVP_SIGNATURE *evp_signature_fetch_from_prov(OSSL_PROVIDER *prov,
412 const char *algorithm,
413 const char *properties)
414 {
415 return evp_generic_fetch_from_prov(prov, OSSL_OP_SIGNATURE,
416 algorithm, properties,
417 evp_signature_from_algorithm,
418 (int (*)(void *))EVP_SIGNATURE_up_ref,
419 (void (*)(void *))EVP_SIGNATURE_free);
420 }
421
EVP_SIGNATURE_is_a(const EVP_SIGNATURE * signature,const char * name)422 int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name)
423 {
424 return signature != NULL
425 && evp_is_a(signature->prov, signature->name_id, NULL, name);
426 }
427
evp_signature_get_number(const EVP_SIGNATURE * signature)428 int evp_signature_get_number(const EVP_SIGNATURE *signature)
429 {
430 return signature->name_id;
431 }
432
EVP_SIGNATURE_get0_name(const EVP_SIGNATURE * signature)433 const char *EVP_SIGNATURE_get0_name(const EVP_SIGNATURE *signature)
434 {
435 return signature->type_name;
436 }
437
EVP_SIGNATURE_get0_description(const EVP_SIGNATURE * signature)438 const char *EVP_SIGNATURE_get0_description(const EVP_SIGNATURE *signature)
439 {
440 return signature->description;
441 }
442
EVP_SIGNATURE_do_all_provided(OSSL_LIB_CTX * libctx,void (* fn)(EVP_SIGNATURE * signature,void * arg),void * arg)443 void EVP_SIGNATURE_do_all_provided(OSSL_LIB_CTX *libctx,
444 void (*fn)(EVP_SIGNATURE *signature,
445 void *arg),
446 void *arg)
447 {
448 evp_generic_do_all(libctx, OSSL_OP_SIGNATURE,
449 (void (*)(void *, void *))fn, arg,
450 evp_signature_from_algorithm,
451 (int (*)(void *))EVP_SIGNATURE_up_ref,
452 (void (*)(void *))EVP_SIGNATURE_free);
453 }
454
455
EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE * signature,void (* fn)(const char * name,void * data),void * data)456 int EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature,
457 void (*fn)(const char *name, void *data),
458 void *data)
459 {
460 if (signature->prov != NULL)
461 return evp_names_do_all(signature->prov, signature->name_id, fn, data);
462
463 return 1;
464 }
465
EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE * sig)466 const OSSL_PARAM *EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig)
467 {
468 void *provctx;
469
470 if (sig == NULL || sig->gettable_ctx_params == NULL)
471 return NULL;
472
473 provctx = ossl_provider_ctx(EVP_SIGNATURE_get0_provider(sig));
474 return sig->gettable_ctx_params(NULL, provctx);
475 }
476
EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE * sig)477 const OSSL_PARAM *EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE *sig)
478 {
479 void *provctx;
480
481 if (sig == NULL || sig->settable_ctx_params == NULL)
482 return NULL;
483
484 provctx = ossl_provider_ctx(EVP_SIGNATURE_get0_provider(sig));
485 return sig->settable_ctx_params(NULL, provctx);
486 }
487
evp_pkey_signature_init(EVP_PKEY_CTX * ctx,EVP_SIGNATURE * signature,int operation,const OSSL_PARAM params[])488 static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature,
489 int operation, const OSSL_PARAM params[])
490 {
491 int ret = 0;
492 void *provkey = NULL;
493 EVP_KEYMGMT *tmp_keymgmt = NULL;
494 const OSSL_PROVIDER *tmp_prov = NULL;
495 const char *supported_sig = NULL;
496 int iter;
497
498 if (ctx == NULL) {
499 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
500 return -1;
501 }
502
503 evp_pkey_ctx_free_old_ops(ctx);
504 ctx->operation = operation;
505
506 if (signature != NULL) {
507 /*
508 * It's important to figure out what the key type should be, and if
509 * that is what we have in ctx.
510 */
511
512 EVP_KEYMGMT *tmp_keymgmt_tofree = NULL;
513
514 if (ctx->pkey == NULL) {
515 ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
516 goto err;
517 }
518
519 /*
520 * Ensure that the key is provided, either natively, or as a
521 * cached export. We start by fetching the keymgmt with the same
522 * name as |ctx->pkey|, but from the provider of the signature
523 * method, using the same property query as when fetching the
524 * signature method. With the keymgmt we found (if we did), we
525 * try to export |ctx->pkey| to it (evp_pkey_export_to_provider()
526 * is smart enough to only actually export it if |tmp_keymgmt|
527 * is different from |ctx->pkey|'s keymgmt)
528 */
529 tmp_prov = EVP_SIGNATURE_get0_provider(signature);
530 tmp_keymgmt_tofree = tmp_keymgmt =
531 evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
532 EVP_KEYMGMT_get0_name(ctx->keymgmt),
533 ctx->propquery);
534 if (tmp_keymgmt != NULL)
535 provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
536 &tmp_keymgmt, ctx->propquery);
537 if (tmp_keymgmt == NULL)
538 EVP_KEYMGMT_free(tmp_keymgmt_tofree);
539
540 if (provkey == NULL)
541 goto end;
542
543 /*
544 * Check that the signature matches the given key. This is not
545 * designed to work with legacy keys, so has to be done after we've
546 * ensured that the key is at least exported to a provider (above).
547 */
548 if (signature->query_key_types != NULL) {
549 /* This is expect to be a NULL terminated array */
550 const char **keytypes;
551
552 keytypes = signature->query_key_types();
553 for (; *keytypes != NULL; keytypes++)
554 if (EVP_PKEY_CTX_is_a(ctx, *keytypes))
555 break;
556 if (*keytypes == NULL) {
557 ERR_raise(ERR_LIB_EVP, EVP_R_SIGNATURE_TYPE_AND_KEY_TYPE_INCOMPATIBLE);
558 return -2;
559 }
560 } else {
561 /*
562 * Fallback 1:
563 * check if the keytype is the same as the signature algorithm name
564 */
565 const char *keytype = EVP_KEYMGMT_get0_name(ctx->keymgmt);
566 int ok = EVP_SIGNATURE_is_a(signature, keytype);
567
568 /*
569 * Fallback 2:
570 * query the pkey for a default signature algorithm name, and check
571 * if it matches the signature implementation
572 */
573 if (!ok) {
574 const char *signame
575 = evp_keymgmt_util_query_operation_name(ctx->keymgmt,
576 OSSL_OP_SIGNATURE);
577
578 ok = EVP_SIGNATURE_is_a(signature, signame);
579 }
580
581 /* If none of the fallbacks helped, we're lost */
582 if (!ok) {
583 ERR_raise(ERR_LIB_EVP, EVP_R_SIGNATURE_TYPE_AND_KEY_TYPE_INCOMPATIBLE);
584 return -2;
585 }
586 }
587
588 if (!EVP_SIGNATURE_up_ref(signature))
589 return 0;
590 } else {
591 /* Without a pre-fetched signature, it must be figured out somehow */
592 ERR_set_mark();
593
594 if (evp_pkey_ctx_is_legacy(ctx))
595 goto legacy;
596
597 if (ctx->pkey == NULL) {
598 ERR_clear_last_mark();
599 ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
600 goto err;
601 }
602
603 /*
604 * Try to derive the supported signature from |ctx->keymgmt|.
605 */
606 if (!ossl_assert(ctx->pkey->keymgmt == NULL
607 || ctx->pkey->keymgmt == ctx->keymgmt)) {
608 ERR_clear_last_mark();
609 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
610 goto err;
611 }
612 supported_sig
613 = evp_keymgmt_util_query_operation_name(ctx->keymgmt,
614 OSSL_OP_SIGNATURE);
615 if (supported_sig == NULL) {
616 ERR_clear_last_mark();
617 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
618 goto err;
619 }
620
621 /*
622 * We perform two iterations:
623 *
624 * 1. Do the normal signature fetch, using the fetching data given by
625 * the EVP_PKEY_CTX.
626 * 2. Do the provider specific signature fetch, from the same provider
627 * as |ctx->keymgmt|
628 *
629 * We then try to fetch the keymgmt from the same provider as the
630 * signature, and try to export |ctx->pkey| to that keymgmt (when
631 * this keymgmt happens to be the same as |ctx->keymgmt|, the export
632 * is a no-op, but we call it anyway to not complicate the code even
633 * more).
634 * If the export call succeeds (returns a non-NULL provider key pointer),
635 * we're done and can perform the operation itself. If not, we perform
636 * the second iteration, or jump to legacy.
637 */
638 for (iter = 1; iter < 3 && provkey == NULL; iter++) {
639 EVP_KEYMGMT *tmp_keymgmt_tofree = NULL;
640
641 /*
642 * If we're on the second iteration, free the results from the first.
643 * They are NULL on the first iteration, so no need to check what
644 * iteration we're on.
645 */
646 EVP_SIGNATURE_free(signature);
647 EVP_KEYMGMT_free(tmp_keymgmt);
648
649 switch (iter) {
650 case 1:
651 signature =
652 EVP_SIGNATURE_fetch(ctx->libctx, supported_sig, ctx->propquery);
653 if (signature != NULL)
654 tmp_prov = EVP_SIGNATURE_get0_provider(signature);
655 break;
656 case 2:
657 tmp_prov = EVP_KEYMGMT_get0_provider(ctx->keymgmt);
658 signature =
659 evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
660 supported_sig, ctx->propquery);
661 if (signature == NULL)
662 goto legacy;
663 break;
664 }
665 if (signature == NULL)
666 continue;
667
668 /*
669 * Ensure that the key is provided, either natively, or as a
670 * cached export. We start by fetching the keymgmt with the same
671 * name as |ctx->pkey|, but from the provider of the signature
672 * method, using the same property query as when fetching the
673 * signature method. With the keymgmt we found (if we did), we
674 * try to export |ctx->pkey| to it (evp_pkey_export_to_provider()
675 * is smart enough to only actually export it if |tmp_keymgmt|
676 * is different from |ctx->pkey|'s keymgmt)
677 */
678 tmp_keymgmt_tofree = tmp_keymgmt =
679 evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
680 EVP_KEYMGMT_get0_name(ctx->keymgmt),
681 ctx->propquery);
682 if (tmp_keymgmt != NULL)
683 provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
684 &tmp_keymgmt, ctx->propquery);
685 if (tmp_keymgmt == NULL)
686 EVP_KEYMGMT_free(tmp_keymgmt_tofree);
687 }
688
689 if (provkey == NULL) {
690 EVP_SIGNATURE_free(signature);
691 goto legacy;
692 }
693
694 ERR_pop_to_mark();
695 }
696
697 /* No more legacy from here down to legacy: */
698
699 ctx->op.sig.signature = signature;
700 ctx->op.sig.algctx =
701 signature->newctx(ossl_provider_ctx(signature->prov), ctx->propquery);
702 if (ctx->op.sig.algctx == NULL) {
703 /* The provider key can stay in the cache */
704 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
705 goto err;
706 }
707
708 switch (operation) {
709 case EVP_PKEY_OP_SIGN:
710 if (signature->sign_init == NULL) {
711 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
712 ret = -2;
713 goto err;
714 }
715 ret = signature->sign_init(ctx->op.sig.algctx, provkey, params);
716 break;
717 case EVP_PKEY_OP_SIGNMSG:
718 if (signature->sign_message_init == NULL) {
719 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
720 ret = -2;
721 goto err;
722 }
723 ret = signature->sign_message_init(ctx->op.sig.algctx, provkey, params);
724 break;
725 case EVP_PKEY_OP_VERIFY:
726 if (signature->verify_init == NULL) {
727 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
728 ret = -2;
729 goto err;
730 }
731 ret = signature->verify_init(ctx->op.sig.algctx, provkey, params);
732 break;
733 case EVP_PKEY_OP_VERIFYMSG:
734 if (signature->verify_message_init == NULL) {
735 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
736 ret = -2;
737 goto err;
738 }
739 ret = signature->verify_message_init(ctx->op.sig.algctx, provkey, params);
740 break;
741 case EVP_PKEY_OP_VERIFYRECOVER:
742 if (signature->verify_recover_init == NULL) {
743 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
744 ret = -2;
745 goto err;
746 }
747 ret = signature->verify_recover_init(ctx->op.sig.algctx, provkey, params);
748 break;
749 default:
750 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
751 goto err;
752 }
753
754 if (ret <= 0) {
755 signature->freectx(ctx->op.sig.algctx);
756 ctx->op.sig.algctx = NULL;
757 goto err;
758 }
759 goto end;
760
761 legacy:
762 /*
763 * If we don't have the full support we need with provided methods,
764 * let's go see if legacy does.
765 */
766 ERR_pop_to_mark();
767 EVP_KEYMGMT_free(tmp_keymgmt);
768 tmp_keymgmt = NULL;
769
770 if (ctx->pmeth == NULL
771 || (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL)
772 || (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL)
773 || (operation == EVP_PKEY_OP_VERIFYRECOVER
774 && ctx->pmeth->verify_recover == NULL)) {
775 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
776 return -2;
777 }
778
779 switch (operation) {
780 case EVP_PKEY_OP_SIGN:
781 if (ctx->pmeth->sign_init == NULL)
782 return 1;
783 ret = ctx->pmeth->sign_init(ctx);
784 break;
785 case EVP_PKEY_OP_VERIFY:
786 if (ctx->pmeth->verify_init == NULL)
787 return 1;
788 ret = ctx->pmeth->verify_init(ctx);
789 break;
790 case EVP_PKEY_OP_VERIFYRECOVER:
791 if (ctx->pmeth->verify_recover_init == NULL)
792 return 1;
793 ret = ctx->pmeth->verify_recover_init(ctx);
794 break;
795 default:
796 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
797 goto err;
798 }
799 if (ret <= 0)
800 goto err;
801 end:
802 #ifndef FIPS_MODULE
803 if (ret > 0)
804 ret = evp_pkey_ctx_use_cached_data(ctx);
805 #endif
806
807 EVP_KEYMGMT_free(tmp_keymgmt);
808 return ret;
809 err:
810 evp_pkey_ctx_free_old_ops(ctx);
811 ctx->operation = EVP_PKEY_OP_UNDEFINED;
812 EVP_KEYMGMT_free(tmp_keymgmt);
813 return ret;
814 }
815
EVP_PKEY_sign_init(EVP_PKEY_CTX * ctx)816 int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
817 {
818 return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_SIGN, NULL);
819 }
820
EVP_PKEY_sign_init_ex(EVP_PKEY_CTX * ctx,const OSSL_PARAM params[])821 int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
822 {
823 return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_SIGN, params);
824 }
825
EVP_PKEY_sign_init_ex2(EVP_PKEY_CTX * ctx,EVP_SIGNATURE * algo,const OSSL_PARAM params[])826 int EVP_PKEY_sign_init_ex2(EVP_PKEY_CTX *ctx,
827 EVP_SIGNATURE *algo, const OSSL_PARAM params[])
828 {
829 return evp_pkey_signature_init(ctx, algo, EVP_PKEY_OP_SIGN, params);
830 }
831
EVP_PKEY_sign_message_init(EVP_PKEY_CTX * ctx,EVP_SIGNATURE * algo,const OSSL_PARAM params[])832 int EVP_PKEY_sign_message_init(EVP_PKEY_CTX *ctx,
833 EVP_SIGNATURE *algo, const OSSL_PARAM params[])
834 {
835 return evp_pkey_signature_init(ctx, algo, EVP_PKEY_OP_SIGNMSG, params);
836 }
837
EVP_PKEY_sign_message_update(EVP_PKEY_CTX * ctx,const unsigned char * in,size_t inlen)838 int EVP_PKEY_sign_message_update(EVP_PKEY_CTX *ctx,
839 const unsigned char *in, size_t inlen)
840 {
841 if (ctx == NULL) {
842 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
843 return -1;
844 }
845
846 if (ctx->operation != EVP_PKEY_OP_SIGNMSG) {
847 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
848 return -1;
849 }
850
851 if (ctx->op.sig.signature->sign_message_update == NULL) {
852 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
853 return -2;
854 }
855
856 return ctx->op.sig.signature->sign_message_update(ctx->op.sig.algctx,
857 in, inlen);
858 }
859
EVP_PKEY_sign_message_final(EVP_PKEY_CTX * ctx,unsigned char * sig,size_t * siglen)860 int EVP_PKEY_sign_message_final(EVP_PKEY_CTX *ctx,
861 unsigned char *sig, size_t *siglen)
862 {
863 if (ctx == NULL) {
864 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
865 return -1;
866 }
867
868 if (ctx->operation != EVP_PKEY_OP_SIGNMSG) {
869 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
870 return -1;
871 }
872
873 if (ctx->op.sig.signature->sign_message_final == NULL) {
874 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
875 return -2;
876 }
877
878 return ctx->op.sig.signature->sign_message_final(ctx->op.sig.algctx,
879 sig, siglen,
880 (sig == NULL) ? 0 : *siglen);
881 }
882
EVP_PKEY_sign(EVP_PKEY_CTX * ctx,unsigned char * sig,size_t * siglen,const unsigned char * tbs,size_t tbslen)883 int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
884 unsigned char *sig, size_t *siglen,
885 const unsigned char *tbs, size_t tbslen)
886 {
887 int ret;
888
889 if (ctx == NULL) {
890 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
891 return -1;
892 }
893
894 if (ctx->operation != EVP_PKEY_OP_SIGN
895 && ctx->operation != EVP_PKEY_OP_SIGNMSG) {
896 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
897 return -1;
898 }
899
900 if (ctx->op.sig.algctx == NULL)
901 goto legacy;
902
903 if (ctx->op.sig.signature->sign == NULL) {
904 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
905 return -2;
906 }
907
908 ret = ctx->op.sig.signature->sign(ctx->op.sig.algctx, sig, siglen,
909 (sig == NULL) ? 0 : *siglen, tbs, tbslen);
910
911 return ret;
912 legacy:
913
914 if (ctx->pmeth == NULL || ctx->pmeth->sign == NULL) {
915 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
916 return -2;
917 }
918
919 M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
920 return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
921 }
922
EVP_PKEY_verify_init(EVP_PKEY_CTX * ctx)923 int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
924 {
925 return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_VERIFY, NULL);
926 }
927
EVP_PKEY_verify_init_ex(EVP_PKEY_CTX * ctx,const OSSL_PARAM params[])928 int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
929 {
930 return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_VERIFY, params);
931 }
932
EVP_PKEY_verify_init_ex2(EVP_PKEY_CTX * ctx,EVP_SIGNATURE * algo,const OSSL_PARAM params[])933 int EVP_PKEY_verify_init_ex2(EVP_PKEY_CTX *ctx,
934 EVP_SIGNATURE *algo, const OSSL_PARAM params[])
935 {
936 return evp_pkey_signature_init(ctx, algo, EVP_PKEY_OP_VERIFY, params);
937 }
938
EVP_PKEY_verify_message_init(EVP_PKEY_CTX * ctx,EVP_SIGNATURE * algo,const OSSL_PARAM params[])939 int EVP_PKEY_verify_message_init(EVP_PKEY_CTX *ctx,
940 EVP_SIGNATURE *algo, const OSSL_PARAM params[])
941 {
942 return evp_pkey_signature_init(ctx, algo, EVP_PKEY_OP_VERIFYMSG, params);
943 }
944
EVP_PKEY_CTX_set_signature(EVP_PKEY_CTX * ctx,const unsigned char * sig,size_t siglen)945 int EVP_PKEY_CTX_set_signature(EVP_PKEY_CTX *ctx,
946 const unsigned char *sig, size_t siglen)
947 {
948 OSSL_PARAM sig_params[2], *p = sig_params;
949
950 if (ctx == NULL) {
951 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
952 return 0;
953 }
954
955 *p++ = OSSL_PARAM_construct_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE,
956 /*
957 * Cast away the const. This is
958 * read only so should be safe
959 */
960 (char *)sig, siglen);
961 *p = OSSL_PARAM_construct_end();
962
963 return EVP_PKEY_CTX_set_params(ctx, sig_params);
964 }
965
EVP_PKEY_verify_message_update(EVP_PKEY_CTX * ctx,const unsigned char * in,size_t inlen)966 int EVP_PKEY_verify_message_update(EVP_PKEY_CTX *ctx,
967 const unsigned char *in, size_t inlen)
968 {
969 if (ctx == NULL) {
970 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
971 return -1;
972 }
973
974 if (ctx->operation != EVP_PKEY_OP_VERIFYMSG) {
975 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
976 return -1;
977 }
978
979 if (ctx->op.sig.signature->verify_message_update == NULL) {
980 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
981 return -2;
982 }
983
984 return ctx->op.sig.signature->verify_message_update(ctx->op.sig.algctx,
985 in, inlen);
986 }
987
EVP_PKEY_verify_message_final(EVP_PKEY_CTX * ctx)988 int EVP_PKEY_verify_message_final(EVP_PKEY_CTX *ctx)
989 {
990 if (ctx == NULL) {
991 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
992 return -1;
993 }
994
995 if (ctx->operation != EVP_PKEY_OP_VERIFYMSG) {
996 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
997 return -1;
998 }
999
1000 if (ctx->op.sig.signature->verify_message_final == NULL) {
1001 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
1002 return -2;
1003 }
1004
1005 /* The signature must have been set with EVP_PKEY_CTX_set_signature() */
1006 return ctx->op.sig.signature->verify_message_final(ctx->op.sig.algctx);
1007 }
1008
EVP_PKEY_verify(EVP_PKEY_CTX * ctx,const unsigned char * sig,size_t siglen,const unsigned char * tbs,size_t tbslen)1009 int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
1010 const unsigned char *sig, size_t siglen,
1011 const unsigned char *tbs, size_t tbslen)
1012 {
1013 int ret;
1014
1015 if (ctx == NULL) {
1016 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
1017 return -1;
1018 }
1019
1020 if (ctx->operation != EVP_PKEY_OP_VERIFY
1021 && ctx->operation != EVP_PKEY_OP_VERIFYMSG) {
1022 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
1023 return -1;
1024 }
1025
1026 if (ctx->op.sig.algctx == NULL)
1027 goto legacy;
1028
1029 if (ctx->op.sig.signature->verify == NULL) {
1030 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
1031 return -2;
1032 }
1033
1034 ret = ctx->op.sig.signature->verify(ctx->op.sig.algctx, sig, siglen,
1035 tbs, tbslen);
1036
1037 return ret;
1038 legacy:
1039 if (ctx->pmeth == NULL || ctx->pmeth->verify == NULL) {
1040 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
1041 return -2;
1042 }
1043
1044 return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
1045 }
1046
EVP_PKEY_verify_recover_init(EVP_PKEY_CTX * ctx)1047 int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
1048 {
1049 return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_VERIFYRECOVER, NULL);
1050 }
1051
EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX * ctx,const OSSL_PARAM params[])1052 int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx,
1053 const OSSL_PARAM params[])
1054 {
1055 return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_VERIFYRECOVER, params);
1056 }
1057
EVP_PKEY_verify_recover_init_ex2(EVP_PKEY_CTX * ctx,EVP_SIGNATURE * algo,const OSSL_PARAM params[])1058 int EVP_PKEY_verify_recover_init_ex2(EVP_PKEY_CTX *ctx,
1059 EVP_SIGNATURE *algo, const OSSL_PARAM params[])
1060 {
1061 return evp_pkey_signature_init(ctx, algo, EVP_PKEY_OP_VERIFYRECOVER, params);
1062 }
1063
EVP_PKEY_verify_recover(EVP_PKEY_CTX * ctx,unsigned char * rout,size_t * routlen,const unsigned char * sig,size_t siglen)1064 int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
1065 unsigned char *rout, size_t *routlen,
1066 const unsigned char *sig, size_t siglen)
1067 {
1068 int ret;
1069
1070 if (ctx == NULL) {
1071 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
1072 return -1;
1073 }
1074
1075 if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
1076 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
1077 return -1;
1078 }
1079
1080 if (ctx->op.sig.algctx == NULL)
1081 goto legacy;
1082
1083 if (ctx->op.sig.signature->verify_recover == NULL) {
1084 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
1085 return -2;
1086 }
1087
1088 ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.algctx, rout,
1089 routlen,
1090 (rout == NULL ? 0 : *routlen),
1091 sig, siglen);
1092 return ret;
1093 legacy:
1094 if (ctx->pmeth == NULL || ctx->pmeth->verify_recover == NULL) {
1095 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
1096 return -2;
1097 }
1098 M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
1099 return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
1100 }
1101
