1 /*
2 * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * ECDSA low level APIs are deprecated for public use, but still ok for
12 * internal use.
13 */
14 #include "internal/deprecated.h"
15
16 #include <string.h> /* memcpy */
17 #include <openssl/crypto.h>
18 #include <openssl/core_dispatch.h>
19 #include <openssl/core_names.h>
20 #include <openssl/dsa.h>
21 #include <openssl/params.h>
22 #include <openssl/evp.h>
23 #include <openssl/err.h>
24 #include <openssl/proverr.h>
25 #include "internal/nelem.h"
26 #include "internal/sizes.h"
27 #include "internal/cryptlib.h"
28 #include "internal/deterministic_nonce.h"
29 #include "prov/providercommon.h"
30 #include "prov/implementations.h"
31 #include "prov/provider_ctx.h"
32 #include "prov/securitycheck.h"
33 #include "prov/der_ec.h"
34 #include "crypto/ec.h"
35
36 static OSSL_FUNC_signature_newctx_fn ecdsa_newctx;
37 static OSSL_FUNC_signature_sign_init_fn ecdsa_sign_init;
38 static OSSL_FUNC_signature_verify_init_fn ecdsa_verify_init;
39 static OSSL_FUNC_signature_sign_fn ecdsa_sign;
40 static OSSL_FUNC_signature_sign_message_update_fn ecdsa_signverify_message_update;
41 static OSSL_FUNC_signature_sign_message_final_fn ecdsa_sign_message_final;
42 static OSSL_FUNC_signature_verify_fn ecdsa_verify;
43 static OSSL_FUNC_signature_verify_message_update_fn ecdsa_signverify_message_update;
44 static OSSL_FUNC_signature_verify_message_final_fn ecdsa_verify_message_final;
45 static OSSL_FUNC_signature_digest_sign_init_fn ecdsa_digest_sign_init;
46 static OSSL_FUNC_signature_digest_sign_update_fn ecdsa_digest_signverify_update;
47 static OSSL_FUNC_signature_digest_sign_final_fn ecdsa_digest_sign_final;
48 static OSSL_FUNC_signature_digest_verify_init_fn ecdsa_digest_verify_init;
49 static OSSL_FUNC_signature_digest_verify_update_fn ecdsa_digest_signverify_update;
50 static OSSL_FUNC_signature_digest_verify_final_fn ecdsa_digest_verify_final;
51 static OSSL_FUNC_signature_freectx_fn ecdsa_freectx;
52 static OSSL_FUNC_signature_dupctx_fn ecdsa_dupctx;
53 static OSSL_FUNC_signature_query_key_types_fn ecdsa_sigalg_query_key_types;
54 static OSSL_FUNC_signature_get_ctx_params_fn ecdsa_get_ctx_params;
55 static OSSL_FUNC_signature_gettable_ctx_params_fn ecdsa_gettable_ctx_params;
56 static OSSL_FUNC_signature_set_ctx_params_fn ecdsa_set_ctx_params;
57 static OSSL_FUNC_signature_settable_ctx_params_fn ecdsa_settable_ctx_params;
58 static OSSL_FUNC_signature_get_ctx_md_params_fn ecdsa_get_ctx_md_params;
59 static OSSL_FUNC_signature_gettable_ctx_md_params_fn ecdsa_gettable_ctx_md_params;
60 static OSSL_FUNC_signature_set_ctx_md_params_fn ecdsa_set_ctx_md_params;
61 static OSSL_FUNC_signature_settable_ctx_md_params_fn ecdsa_settable_ctx_md_params;
62 static OSSL_FUNC_signature_set_ctx_params_fn ecdsa_sigalg_set_ctx_params;
63 static OSSL_FUNC_signature_settable_ctx_params_fn ecdsa_sigalg_settable_ctx_params;
64
65 /*
66 * What's passed as an actual key is defined by the KEYMGMT interface.
67 * We happen to know that our KEYMGMT simply passes DSA structures, so
68 * we use that here too.
69 */
70
71 typedef struct {
72 OSSL_LIB_CTX *libctx;
73 char *propq;
74 EC_KEY *ec;
75 /* |operation| reuses EVP's operation bitfield */
76 int operation;
77
78 /*
79 * Flag to determine if a full sigalg is run (1) or if a composable
80 * signature algorithm is run (0).
81 *
82 * When a full sigalg is run (1), this currently affects the following
83 * other flags, which are to remain untouched after their initialization:
84 *
85 * - flag_allow_md (initialized to 0)
86 */
87 unsigned int flag_sigalg : 1;
88 /*
89 * Flag to determine if the hash function can be changed (1) or not (0)
90 * Because it's dangerous to change during a DigestSign or DigestVerify
91 * operation, this flag is cleared by their Init function, and set again
92 * by their Final function.
93 */
94 unsigned int flag_allow_md : 1;
95
96 /* The Algorithm Identifier of the combined signature algorithm */
97 unsigned char aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE];
98 size_t aid_len;
99
100 /* main digest */
101 char mdname[OSSL_MAX_NAME_SIZE];
102 EVP_MD *md;
103 EVP_MD_CTX *mdctx;
104 size_t mdsize;
105
106 /* Signature, for verification */
107 unsigned char *sig;
108 size_t siglen;
109
110 /*
111 * Internally used to cache the results of calling the EC group
112 * sign_setup() methods which are then passed to the sign operation.
113 * This is used by CAVS failure tests to terminate a loop if the signature
114 * is not valid.
115 * This could of also been done with a simple flag.
116 */
117 BIGNUM *kinv;
118 BIGNUM *r;
119 #if !defined(OPENSSL_NO_ACVP_TESTS)
120 /*
121 * This indicates that KAT (CAVS) test is running. Externally an app will
122 * override the random callback such that the generated private key and k
123 * are known.
124 * Normal operation will loop to choose a new k if the signature is not
125 * valid - but for this mode of operation it forces a failure instead.
126 */
127 unsigned int kattest;
128 #endif
129 #ifdef FIPS_MODULE
130 /*
131 * FIPS 140-3 IG 2.4.B mandates that verification based on a digest of a
132 * message is not permitted. However, signing based on a digest is still
133 * permitted.
134 */
135 int verify_message;
136 #endif
137 /* If this is set then the generated k is not random */
138 unsigned int nonce_type;
139 OSSL_FIPS_IND_DECLARE
140 } PROV_ECDSA_CTX;
141
ecdsa_newctx(void * provctx,const char * propq)142 static void *ecdsa_newctx(void *provctx, const char *propq)
143 {
144 PROV_ECDSA_CTX *ctx;
145
146 if (!ossl_prov_is_running())
147 return NULL;
148
149 ctx = OPENSSL_zalloc(sizeof(PROV_ECDSA_CTX));
150 if (ctx == NULL)
151 return NULL;
152
153 OSSL_FIPS_IND_INIT(ctx)
154 ctx->flag_allow_md = 1;
155 #ifdef FIPS_MODULE
156 ctx->verify_message = 1;
157 #endif
158 ctx->libctx = PROV_LIBCTX_OF(provctx);
159 if (propq != NULL && (ctx->propq = OPENSSL_strdup(propq)) == NULL) {
160 OPENSSL_free(ctx);
161 ctx = NULL;
162 }
163 return ctx;
164 }
165
ecdsa_setup_md(PROV_ECDSA_CTX * ctx,const char * mdname,const char * mdprops,const char * desc)166 static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx,
167 const char *mdname, const char *mdprops,
168 const char *desc)
169 {
170 EVP_MD *md = NULL;
171 size_t mdname_len;
172 int md_nid, md_size;
173 WPACKET pkt;
174 unsigned char *aid = NULL;
175
176 if (mdname == NULL)
177 return 1;
178
179 mdname_len = strlen(mdname);
180 if (mdname_len >= sizeof(ctx->mdname)) {
181 ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
182 "%s exceeds name buffer length", mdname);
183 return 0;
184 }
185 if (mdprops == NULL)
186 mdprops = ctx->propq;
187 md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
188 if (md == NULL) {
189 ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
190 "%s could not be fetched", mdname);
191 return 0;
192 }
193 md_size = EVP_MD_get_size(md);
194 if (md_size <= 0) {
195 ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
196 "%s has invalid md size %d", mdname, md_size);
197 goto err;
198 }
199 md_nid = ossl_digest_get_approved_nid(md);
200 if (md_nid == NID_undef) {
201 ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
202 "digest=%s", mdname);
203 goto err;
204 }
205 /* XOF digests don't work */
206 if (EVP_MD_xof(md)) {
207 ERR_raise(ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED);
208 goto err;
209 }
210
211 #ifdef FIPS_MODULE
212 {
213 int sha1_allowed
214 = ((ctx->operation
215 & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) == 0);
216
217 if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx),
218 OSSL_FIPS_IND_SETTABLE1,
219 ctx->libctx,
220 md_nid, sha1_allowed, desc,
221 ossl_fips_config_signature_digest_check))
222 goto err;
223 }
224 #endif
225
226 if (!ctx->flag_allow_md) {
227 if (ctx->mdname[0] != '\0' && !EVP_MD_is_a(md, ctx->mdname)) {
228 ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
229 "digest %s != %s", mdname, ctx->mdname);
230 goto err;
231 }
232 EVP_MD_free(md);
233 return 1;
234 }
235
236 EVP_MD_CTX_free(ctx->mdctx);
237 EVP_MD_free(ctx->md);
238
239 ctx->aid_len = 0;
240 if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf))
241 && ossl_DER_w_algorithmIdentifier_ECDSA_with_MD(&pkt, -1, ctx->ec,
242 md_nid)
243 && WPACKET_finish(&pkt)) {
244 WPACKET_get_total_written(&pkt, &ctx->aid_len);
245 aid = WPACKET_get_curr(&pkt);
246 }
247 WPACKET_cleanup(&pkt);
248 if (aid != NULL && ctx->aid_len != 0)
249 memmove(ctx->aid_buf, aid, ctx->aid_len);
250
251 ctx->mdctx = NULL;
252 ctx->md = md;
253 ctx->mdsize = (size_t)md_size;
254 OPENSSL_strlcpy(ctx->mdname, mdname, sizeof(ctx->mdname));
255
256 return 1;
257 err:
258 EVP_MD_free(md);
259 return 0;
260 }
261
262 static int
ecdsa_signverify_init(PROV_ECDSA_CTX * ctx,void * ec,OSSL_FUNC_signature_set_ctx_params_fn * set_ctx_params,const OSSL_PARAM params[],int operation,const char * desc)263 ecdsa_signverify_init(PROV_ECDSA_CTX *ctx, void *ec,
264 OSSL_FUNC_signature_set_ctx_params_fn *set_ctx_params,
265 const OSSL_PARAM params[], int operation,
266 const char *desc)
267 {
268 if (!ossl_prov_is_running()
269 || ctx == NULL)
270 return 0;
271
272 if (ec == NULL && ctx->ec == NULL) {
273 ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
274 return 0;
275 }
276
277 if (ec != NULL) {
278 if (!EC_KEY_up_ref(ec))
279 return 0;
280 EC_KEY_free(ctx->ec);
281 ctx->ec = ec;
282 }
283
284 ctx->operation = operation;
285
286 OSSL_FIPS_IND_SET_APPROVED(ctx)
287 if (!set_ctx_params(ctx, params))
288 return 0;
289 #ifdef FIPS_MODULE
290 if (!ossl_fips_ind_ec_key_check(OSSL_FIPS_IND_GET(ctx),
291 OSSL_FIPS_IND_SETTABLE0, ctx->libctx,
292 EC_KEY_get0_group(ctx->ec), desc,
293 (operation & (EVP_PKEY_OP_SIGN
294 | EVP_PKEY_OP_SIGNMSG)) != 0))
295 return 0;
296 #endif
297 return 1;
298 }
299
ecdsa_sign_init(void * vctx,void * ec,const OSSL_PARAM params[])300 static int ecdsa_sign_init(void *vctx, void *ec, const OSSL_PARAM params[])
301 {
302 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
303
304 #ifdef FIPS_MODULE
305 ctx->verify_message = 1;
306 #endif
307 return ecdsa_signverify_init(ctx, ec, ecdsa_set_ctx_params, params,
308 EVP_PKEY_OP_SIGN, "ECDSA Sign Init");
309 }
310
311 /*
312 * Sign tbs without digesting it first. This is suitable for "primitive"
313 * signing and signing the digest of a message.
314 */
ecdsa_sign_directly(void * vctx,unsigned char * sig,size_t * siglen,size_t sigsize,const unsigned char * tbs,size_t tbslen)315 static int ecdsa_sign_directly(void *vctx,
316 unsigned char *sig, size_t *siglen, size_t sigsize,
317 const unsigned char *tbs, size_t tbslen)
318 {
319 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
320 int ret;
321 unsigned int sltmp;
322 size_t ecsize = ECDSA_size(ctx->ec);
323
324 if (!ossl_prov_is_running())
325 return 0;
326
327 if (sig == NULL) {
328 *siglen = ecsize;
329 return 1;
330 }
331
332 #if !defined(OPENSSL_NO_ACVP_TESTS)
333 if (ctx->kattest && !ECDSA_sign_setup(ctx->ec, NULL, &ctx->kinv, &ctx->r))
334 return 0;
335 #endif
336
337 if (sigsize < (size_t)ecsize)
338 return 0;
339
340 if (ctx->mdsize != 0 && tbslen != ctx->mdsize)
341 return 0;
342
343 if (ctx->nonce_type != 0) {
344 const char *mdname = NULL;
345
346 if (ctx->mdname[0] != '\0')
347 mdname = ctx->mdname;
348 ret = ossl_ecdsa_deterministic_sign(tbs, tbslen, sig, &sltmp,
349 ctx->ec, ctx->nonce_type,
350 mdname,
351 ctx->libctx, ctx->propq);
352 } else {
353 ret = ECDSA_sign_ex(0, tbs, tbslen, sig, &sltmp, ctx->kinv, ctx->r,
354 ctx->ec);
355 }
356 if (ret <= 0)
357 return 0;
358
359 *siglen = sltmp;
360 return 1;
361 }
362
ecdsa_signverify_message_update(void * vctx,const unsigned char * data,size_t datalen)363 static int ecdsa_signverify_message_update(void *vctx,
364 const unsigned char *data,
365 size_t datalen)
366 {
367 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
368
369 if (ctx == NULL)
370 return 0;
371
372 return EVP_DigestUpdate(ctx->mdctx, data, datalen);
373 }
374
ecdsa_sign_message_final(void * vctx,unsigned char * sig,size_t * siglen,size_t sigsize)375 static int ecdsa_sign_message_final(void *vctx, unsigned char *sig,
376 size_t *siglen, size_t sigsize)
377 {
378 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
379 unsigned char digest[EVP_MAX_MD_SIZE];
380 unsigned int dlen = 0;
381
382 if (!ossl_prov_is_running() || ctx == NULL)
383 return 0;
384 if (ctx->mdctx == NULL)
385 return 0;
386 /*
387 * If sig is NULL then we're just finding out the sig size. Other fields
388 * are ignored. Defer to ecdsa_sign.
389 */
390 if (sig != NULL
391 && !EVP_DigestFinal_ex(ctx->mdctx, digest, &dlen))
392 return 0;
393 return ecdsa_sign_directly(vctx, sig, siglen, sigsize, digest, dlen);
394 }
395
396 /*
397 * If signing a message, digest tbs and sign the result.
398 * Otherwise, sign tbs directly.
399 */
ecdsa_sign(void * vctx,unsigned char * sig,size_t * siglen,size_t sigsize,const unsigned char * tbs,size_t tbslen)400 static int ecdsa_sign(void *vctx, unsigned char *sig, size_t *siglen,
401 size_t sigsize, const unsigned char *tbs, size_t tbslen)
402 {
403 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
404
405 if (ctx->operation == EVP_PKEY_OP_SIGNMSG) {
406 /*
407 * If |sig| is NULL, the caller is only looking for the sig length.
408 * DO NOT update the input in this case.
409 */
410 if (sig == NULL)
411 return ecdsa_sign_message_final(ctx, sig, siglen, sigsize);
412
413 if (ecdsa_signverify_message_update(ctx, tbs, tbslen) <= 0)
414 return 0;
415 return ecdsa_sign_message_final(ctx, sig, siglen, sigsize);
416 }
417 return ecdsa_sign_directly(ctx, sig, siglen, sigsize, tbs, tbslen);
418 }
419
ecdsa_verify_init(void * vctx,void * ec,const OSSL_PARAM params[])420 static int ecdsa_verify_init(void *vctx, void *ec, const OSSL_PARAM params[])
421 {
422 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
423
424 #ifdef FIPS_MODULE
425 ctx->verify_message = 0;
426 #endif
427 return ecdsa_signverify_init(ctx, ec, ecdsa_set_ctx_params, params,
428 EVP_PKEY_OP_VERIFY, "ECDSA Verify Init");
429 }
430
ecdsa_verify_directly(void * vctx,const unsigned char * sig,size_t siglen,const unsigned char * tbs,size_t tbslen)431 static int ecdsa_verify_directly(void *vctx,
432 const unsigned char *sig, size_t siglen,
433 const unsigned char *tbs, size_t tbslen)
434 {
435 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
436
437 if (!ossl_prov_is_running() || (ctx->mdsize != 0 && tbslen != ctx->mdsize))
438 return 0;
439
440 return ECDSA_verify(0, tbs, tbslen, sig, siglen, ctx->ec);
441 }
442
ecdsa_verify_set_sig(void * vctx,const unsigned char * sig,size_t siglen)443 static int ecdsa_verify_set_sig(void *vctx,
444 const unsigned char *sig, size_t siglen)
445 {
446 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
447 OSSL_PARAM params[2];
448
449 params[0] =
450 OSSL_PARAM_construct_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE,
451 (unsigned char *)sig, siglen);
452 params[1] = OSSL_PARAM_construct_end();
453 return ecdsa_sigalg_set_ctx_params(ctx, params);
454 }
455
ecdsa_verify_message_final(void * vctx)456 static int ecdsa_verify_message_final(void *vctx)
457 {
458 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
459 unsigned char digest[EVP_MAX_MD_SIZE];
460 unsigned int dlen = 0;
461
462 if (!ossl_prov_is_running() || ctx == NULL || ctx->mdctx == NULL)
463 return 0;
464
465 /*
466 * The digests used here are all known (see ecdsa_get_md_nid()), so they
467 * should not exceed the internal buffer size of EVP_MAX_MD_SIZE.
468 */
469 if (!EVP_DigestFinal_ex(ctx->mdctx, digest, &dlen))
470 return 0;
471
472 return ecdsa_verify_directly(vctx, ctx->sig, ctx->siglen,
473 digest, dlen);
474 }
475
476 /*
477 * If verifying a message, digest tbs and verify the result.
478 * Otherwise, verify tbs directly.
479 */
ecdsa_verify(void * vctx,const unsigned char * sig,size_t siglen,const unsigned char * tbs,size_t tbslen)480 static int ecdsa_verify(void *vctx,
481 const unsigned char *sig, size_t siglen,
482 const unsigned char *tbs, size_t tbslen)
483 {
484 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
485
486 if (ctx->operation == EVP_PKEY_OP_VERIFYMSG) {
487 if (ecdsa_verify_set_sig(ctx, sig, siglen) <= 0)
488 return 0;
489 if (ecdsa_signverify_message_update(ctx, tbs, tbslen) <= 0)
490 return 0;
491 return ecdsa_verify_message_final(ctx);
492 }
493 return ecdsa_verify_directly(ctx, sig, siglen, tbs, tbslen);
494 }
495
496 /* DigestSign/DigestVerify wrappers */
497
ecdsa_digest_signverify_init(void * vctx,const char * mdname,void * ec,const OSSL_PARAM params[],int operation,const char * desc)498 static int ecdsa_digest_signverify_init(void *vctx, const char *mdname,
499 void *ec, const OSSL_PARAM params[],
500 int operation, const char *desc)
501 {
502 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
503
504 if (!ossl_prov_is_running())
505 return 0;
506
507 #ifdef FIPS_MODULE
508 ctx->verify_message = 1;
509 #endif
510 if (!ecdsa_signverify_init(vctx, ec, ecdsa_set_ctx_params, params,
511 operation, desc))
512 return 0;
513
514 if (mdname != NULL
515 /* was ecdsa_setup_md already called in ecdsa_signverify_init()? */
516 && (mdname[0] == '\0' || OPENSSL_strcasecmp(ctx->mdname, mdname) != 0)
517 && !ecdsa_setup_md(ctx, mdname, NULL, desc))
518 return 0;
519
520 ctx->flag_allow_md = 0;
521
522 if (ctx->mdctx == NULL) {
523 ctx->mdctx = EVP_MD_CTX_new();
524 if (ctx->mdctx == NULL)
525 goto error;
526 }
527
528 if (!EVP_DigestInit_ex2(ctx->mdctx, ctx->md, params))
529 goto error;
530 return 1;
531 error:
532 EVP_MD_CTX_free(ctx->mdctx);
533 ctx->mdctx = NULL;
534 return 0;
535 }
536
ecdsa_digest_sign_init(void * vctx,const char * mdname,void * ec,const OSSL_PARAM params[])537 static int ecdsa_digest_sign_init(void *vctx, const char *mdname, void *ec,
538 const OSSL_PARAM params[])
539 {
540 return ecdsa_digest_signverify_init(vctx, mdname, ec, params,
541 EVP_PKEY_OP_SIGNMSG,
542 "ECDSA Digest Sign Init");
543 }
544
ecdsa_digest_signverify_update(void * vctx,const unsigned char * data,size_t datalen)545 static int ecdsa_digest_signverify_update(void *vctx, const unsigned char *data,
546 size_t datalen)
547 {
548 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
549
550 if (ctx == NULL || ctx->mdctx == NULL)
551 return 0;
552 /* Sigalg implementations shouldn't do digest_sign */
553 if (ctx->flag_sigalg)
554 return 0;
555
556 return ecdsa_signverify_message_update(vctx, data, datalen);
557 }
558
ecdsa_digest_sign_final(void * vctx,unsigned char * sig,size_t * siglen,size_t sigsize)559 int ecdsa_digest_sign_final(void *vctx, unsigned char *sig, size_t *siglen,
560 size_t sigsize)
561 {
562 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
563 int ok = 0;
564
565 if (ctx == NULL)
566 return 0;
567 /* Sigalg implementations shouldn't do digest_sign */
568 if (ctx->flag_sigalg)
569 return 0;
570
571 ok = ecdsa_sign_message_final(ctx, sig, siglen, sigsize);
572
573 ctx->flag_allow_md = 1;
574
575 return ok;
576 }
577
ecdsa_digest_verify_init(void * vctx,const char * mdname,void * ec,const OSSL_PARAM params[])578 static int ecdsa_digest_verify_init(void *vctx, const char *mdname, void *ec,
579 const OSSL_PARAM params[])
580 {
581 return ecdsa_digest_signverify_init(vctx, mdname, ec, params,
582 EVP_PKEY_OP_VERIFYMSG,
583 "ECDSA Digest Verify Init");
584 }
585
ecdsa_digest_verify_final(void * vctx,const unsigned char * sig,size_t siglen)586 int ecdsa_digest_verify_final(void *vctx, const unsigned char *sig,
587 size_t siglen)
588 {
589 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
590 int ok = 0;
591
592 if (!ossl_prov_is_running() || ctx == NULL || ctx->mdctx == NULL)
593 return 0;
594
595 /* Sigalg implementations shouldn't do digest_verify */
596 if (ctx->flag_sigalg)
597 return 0;
598
599 if (ecdsa_verify_set_sig(ctx, sig, siglen))
600 ok = ecdsa_verify_message_final(ctx);
601
602 ctx->flag_allow_md = 1;
603
604 return ok;
605 }
606
ecdsa_freectx(void * vctx)607 static void ecdsa_freectx(void *vctx)
608 {
609 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
610
611 EVP_MD_CTX_free(ctx->mdctx);
612 EVP_MD_free(ctx->md);
613 OPENSSL_free(ctx->propq);
614 OPENSSL_free(ctx->sig);
615 EC_KEY_free(ctx->ec);
616 BN_clear_free(ctx->kinv);
617 BN_clear_free(ctx->r);
618 OPENSSL_free(ctx);
619 }
620
ecdsa_dupctx(void * vctx)621 static void *ecdsa_dupctx(void *vctx)
622 {
623 PROV_ECDSA_CTX *srcctx = (PROV_ECDSA_CTX *)vctx;
624 PROV_ECDSA_CTX *dstctx;
625
626 if (!ossl_prov_is_running())
627 return NULL;
628
629 dstctx = OPENSSL_zalloc(sizeof(*srcctx));
630 if (dstctx == NULL)
631 return NULL;
632
633 *dstctx = *srcctx;
634 dstctx->ec = NULL;
635 dstctx->propq = NULL;
636
637 if (srcctx->ec != NULL && !EC_KEY_up_ref(srcctx->ec))
638 goto err;
639 /* Test KATS should not need to be supported */
640 if (srcctx->kinv != NULL || srcctx->r != NULL)
641 goto err;
642 dstctx->ec = srcctx->ec;
643
644 if (srcctx->md != NULL && !EVP_MD_up_ref(srcctx->md))
645 goto err;
646 dstctx->md = srcctx->md;
647
648 if (srcctx->mdctx != NULL) {
649 dstctx->mdctx = EVP_MD_CTX_new();
650 if (dstctx->mdctx == NULL
651 || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx))
652 goto err;
653 }
654
655 if (srcctx->propq != NULL) {
656 dstctx->propq = OPENSSL_strdup(srcctx->propq);
657 if (dstctx->propq == NULL)
658 goto err;
659 }
660
661 return dstctx;
662 err:
663 ecdsa_freectx(dstctx);
664 return NULL;
665 }
666
ecdsa_get_ctx_params(void * vctx,OSSL_PARAM * params)667 static int ecdsa_get_ctx_params(void *vctx, OSSL_PARAM *params)
668 {
669 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
670 OSSL_PARAM *p;
671
672 if (ctx == NULL)
673 return 0;
674
675 p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
676 if (p != NULL && !OSSL_PARAM_set_octet_string(p,
677 ctx->aid_len == 0 ? NULL : ctx->aid_buf,
678 ctx->aid_len))
679 return 0;
680
681 p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE);
682 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->mdsize))
683 return 0;
684
685 p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST);
686 if (p != NULL && !OSSL_PARAM_set_utf8_string(p, ctx->md == NULL
687 ? ctx->mdname
688 : EVP_MD_get0_name(ctx->md)))
689 return 0;
690
691 p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_NONCE_TYPE);
692 if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->nonce_type))
693 return 0;
694
695 #ifdef FIPS_MODULE
696 p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE);
697 if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->verify_message))
698 return 0;
699 #endif
700
701 if (!OSSL_FIPS_IND_GET_CTX_PARAM(ctx, params))
702 return 0;
703 return 1;
704 }
705
706 static const OSSL_PARAM known_gettable_ctx_params[] = {
707 OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0),
708 OSSL_PARAM_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, NULL),
709 OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
710 OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL),
711 #ifdef FIPS_MODULE
712 OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE, NULL),
713 #endif
714 OSSL_FIPS_IND_GETTABLE_CTX_PARAM()
715 OSSL_PARAM_END
716 };
717
ecdsa_gettable_ctx_params(ossl_unused void * vctx,ossl_unused void * provctx)718 static const OSSL_PARAM *ecdsa_gettable_ctx_params(ossl_unused void *vctx,
719 ossl_unused void *provctx)
720 {
721 return known_gettable_ctx_params;
722 }
723
724 /**
725 * @brief Set up common params for ecdsa_set_ctx_params and
726 * ecdsa_sigalg_set_ctx_params. The caller is responsible for checking |vctx| is
727 * not NULL and |params| is not empty.
728 */
ecdsa_common_set_ctx_params(void * vctx,const OSSL_PARAM params[])729 static int ecdsa_common_set_ctx_params(void *vctx, const OSSL_PARAM params[])
730 {
731 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
732 const OSSL_PARAM *p;
733
734 if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, params,
735 OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK))
736 return 0;
737 if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE1, params,
738 OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK))
739 return 0;
740
741 #if !defined(OPENSSL_NO_ACVP_TESTS)
742 p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_KAT);
743 if (p != NULL && !OSSL_PARAM_get_uint(p, &ctx->kattest))
744 return 0;
745 #endif
746
747 p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_NONCE_TYPE);
748 if (p != NULL
749 && !OSSL_PARAM_get_uint(p, &ctx->nonce_type))
750 return 0;
751 return 1;
752 }
753
754 #define ECDSA_COMMON_SETTABLE_CTX_PARAMS \
755 OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_KAT, NULL), \
756 OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL), \
757 OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK) \
758 OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK) \
759 OSSL_PARAM_END
760
ecdsa_set_ctx_params(void * vctx,const OSSL_PARAM params[])761 static int ecdsa_set_ctx_params(void *vctx, const OSSL_PARAM params[])
762 {
763 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
764 const OSSL_PARAM *p;
765 size_t mdsize = 0;
766 int ret;
767
768 if (ctx == NULL)
769 return 0;
770 if (ossl_param_is_empty(params))
771 return 1;
772
773 if ((ret = ecdsa_common_set_ctx_params(ctx, params)) <= 0)
774 return ret;
775
776 p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST);
777 if (p != NULL) {
778 char mdname[OSSL_MAX_NAME_SIZE] = "", *pmdname = mdname;
779 char mdprops[OSSL_MAX_PROPQUERY_SIZE] = "", *pmdprops = mdprops;
780 const OSSL_PARAM *propsp =
781 OSSL_PARAM_locate_const(params,
782 OSSL_SIGNATURE_PARAM_PROPERTIES);
783
784 if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname)))
785 return 0;
786 if (propsp != NULL
787 && !OSSL_PARAM_get_utf8_string(propsp, &pmdprops, sizeof(mdprops)))
788 return 0;
789 if (!ecdsa_setup_md(ctx, mdname, mdprops, "ECDSA Set Ctx"))
790 return 0;
791 }
792
793 p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE);
794 if (p != NULL) {
795 if (!OSSL_PARAM_get_size_t(p, &mdsize)
796 || (!ctx->flag_allow_md && mdsize != ctx->mdsize))
797 return 0;
798 ctx->mdsize = mdsize;
799 }
800 return 1;
801 }
802
803 static const OSSL_PARAM settable_ctx_params[] = {
804 OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
805 OSSL_PARAM_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, NULL),
806 OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0),
807 ECDSA_COMMON_SETTABLE_CTX_PARAMS
808 };
809
ecdsa_settable_ctx_params(void * vctx,ossl_unused void * provctx)810 static const OSSL_PARAM *ecdsa_settable_ctx_params(void *vctx,
811 ossl_unused void *provctx)
812 {
813 return settable_ctx_params;
814 }
815
ecdsa_get_ctx_md_params(void * vctx,OSSL_PARAM * params)816 static int ecdsa_get_ctx_md_params(void *vctx, OSSL_PARAM *params)
817 {
818 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
819
820 if (ctx->mdctx == NULL)
821 return 0;
822
823 return EVP_MD_CTX_get_params(ctx->mdctx, params);
824 }
825
ecdsa_gettable_ctx_md_params(void * vctx)826 static const OSSL_PARAM *ecdsa_gettable_ctx_md_params(void *vctx)
827 {
828 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
829
830 if (ctx->md == NULL)
831 return 0;
832
833 return EVP_MD_gettable_ctx_params(ctx->md);
834 }
835
ecdsa_set_ctx_md_params(void * vctx,const OSSL_PARAM params[])836 static int ecdsa_set_ctx_md_params(void *vctx, const OSSL_PARAM params[])
837 {
838 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
839
840 if (ctx->mdctx == NULL)
841 return 0;
842
843 return EVP_MD_CTX_set_params(ctx->mdctx, params);
844 }
845
ecdsa_settable_ctx_md_params(void * vctx)846 static const OSSL_PARAM *ecdsa_settable_ctx_md_params(void *vctx)
847 {
848 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
849
850 if (ctx->md == NULL)
851 return 0;
852
853 return EVP_MD_settable_ctx_params(ctx->md);
854 }
855
856 const OSSL_DISPATCH ossl_ecdsa_signature_functions[] = {
857 { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))ecdsa_newctx },
858 { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))ecdsa_sign_init },
859 { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))ecdsa_sign },
860 { OSSL_FUNC_SIGNATURE_VERIFY_INIT, (void (*)(void))ecdsa_verify_init },
861 { OSSL_FUNC_SIGNATURE_VERIFY, (void (*)(void))ecdsa_verify },
862 { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT,
863 (void (*)(void))ecdsa_digest_sign_init },
864 { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE,
865 (void (*)(void))ecdsa_digest_signverify_update },
866 { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL,
867 (void (*)(void))ecdsa_digest_sign_final },
868 { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT,
869 (void (*)(void))ecdsa_digest_verify_init },
870 { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE,
871 (void (*)(void))ecdsa_digest_signverify_update },
872 { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL,
873 (void (*)(void))ecdsa_digest_verify_final },
874 { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))ecdsa_freectx },
875 { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))ecdsa_dupctx },
876 { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))ecdsa_get_ctx_params },
877 { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS,
878 (void (*)(void))ecdsa_gettable_ctx_params },
879 { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))ecdsa_set_ctx_params },
880 { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS,
881 (void (*)(void))ecdsa_settable_ctx_params },
882 { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS,
883 (void (*)(void))ecdsa_get_ctx_md_params },
884 { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS,
885 (void (*)(void))ecdsa_gettable_ctx_md_params },
886 { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS,
887 (void (*)(void))ecdsa_set_ctx_md_params },
888 { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS,
889 (void (*)(void))ecdsa_settable_ctx_md_params },
890 OSSL_DISPATCH_END
891 };
892
893 /* ------------------------------------------------------------------ */
894
895 /*
896 * So called sigalgs (composite ECDSA+hash) implemented below. They
897 * are pretty much hard coded.
898 */
899
900 static OSSL_FUNC_signature_query_key_types_fn ecdsa_sigalg_query_key_types;
901 static OSSL_FUNC_signature_settable_ctx_params_fn ecdsa_sigalg_settable_ctx_params;
902 static OSSL_FUNC_signature_set_ctx_params_fn ecdsa_sigalg_set_ctx_params;
903
904 /*
905 * ecdsa_sigalg_signverify_init() is almost like ecdsa_digest_signverify_init(),
906 * just doesn't allow fetching an MD from whatever the user chooses.
907 */
ecdsa_sigalg_signverify_init(void * vctx,void * vec,OSSL_FUNC_signature_set_ctx_params_fn * set_ctx_params,const OSSL_PARAM params[],const char * mdname,int operation,const char * desc)908 static int ecdsa_sigalg_signverify_init(void *vctx, void *vec,
909 OSSL_FUNC_signature_set_ctx_params_fn *set_ctx_params,
910 const OSSL_PARAM params[],
911 const char *mdname,
912 int operation, const char *desc)
913 {
914 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
915
916 if (!ossl_prov_is_running())
917 return 0;
918
919 if (!ecdsa_signverify_init(vctx, vec, set_ctx_params, params, operation,
920 desc))
921 return 0;
922
923 if (!ecdsa_setup_md(ctx, mdname, NULL, desc))
924 return 0;
925
926 ctx->flag_sigalg = 1;
927 ctx->flag_allow_md = 0;
928
929 if (ctx->mdctx == NULL) {
930 ctx->mdctx = EVP_MD_CTX_new();
931 if (ctx->mdctx == NULL)
932 goto error;
933 }
934
935 if (!EVP_DigestInit_ex2(ctx->mdctx, ctx->md, params))
936 goto error;
937
938 return 1;
939
940 error:
941 EVP_MD_CTX_free(ctx->mdctx);
942 ctx->mdctx = NULL;
943 return 0;
944 }
945
ecdsa_sigalg_query_key_types(void)946 static const char **ecdsa_sigalg_query_key_types(void)
947 {
948 static const char *keytypes[] = { "EC", NULL };
949
950 return keytypes;
951 }
952
953 static const OSSL_PARAM settable_sigalg_ctx_params[] = {
954 OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE, NULL, 0),
955 ECDSA_COMMON_SETTABLE_CTX_PARAMS
956 };
957
ecdsa_sigalg_settable_ctx_params(void * vctx,ossl_unused void * provctx)958 static const OSSL_PARAM *ecdsa_sigalg_settable_ctx_params(void *vctx,
959 ossl_unused void *provctx)
960 {
961 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
962
963 if (ctx != NULL && ctx->operation == EVP_PKEY_OP_VERIFYMSG)
964 return settable_sigalg_ctx_params;
965 return NULL;
966 }
967
ecdsa_sigalg_set_ctx_params(void * vctx,const OSSL_PARAM params[])968 static int ecdsa_sigalg_set_ctx_params(void *vctx, const OSSL_PARAM params[])
969 {
970 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
971 const OSSL_PARAM *p;
972 int ret;
973
974 if (ctx == NULL)
975 return 0;
976 if (ossl_param_is_empty(params))
977 return 1;
978
979 if ((ret = ecdsa_common_set_ctx_params(ctx, params)) <= 0)
980 return ret;
981
982 if (ctx->operation == EVP_PKEY_OP_VERIFYMSG) {
983 p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_SIGNATURE);
984 if (p != NULL) {
985 OPENSSL_free(ctx->sig);
986 ctx->sig = NULL;
987 ctx->siglen = 0;
988 if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->sig,
989 0, &ctx->siglen))
990 return 0;
991 }
992 }
993 return 1;
994 }
995
996 #define IMPL_ECDSA_SIGALG(md, MD) \
997 static OSSL_FUNC_signature_sign_init_fn ecdsa_##md##_sign_init; \
998 static OSSL_FUNC_signature_sign_message_init_fn \
999 ecdsa_##md##_sign_message_init; \
1000 static OSSL_FUNC_signature_verify_init_fn ecdsa_##md##_verify_init; \
1001 static OSSL_FUNC_signature_verify_message_init_fn \
1002 ecdsa_##md##_verify_message_init; \
1003 \
1004 static int \
1005 ecdsa_##md##_sign_init(void *vctx, void *vec, \
1006 const OSSL_PARAM params[]) \
1007 { \
1008 static const char desc[] = "ECDSA-" #MD " Sign Init"; \
1009 \
1010 return ecdsa_sigalg_signverify_init(vctx, vec, \
1011 ecdsa_sigalg_set_ctx_params, \
1012 params, #MD, \
1013 EVP_PKEY_OP_SIGN, \
1014 desc); \
1015 } \
1016 \
1017 static int \
1018 ecdsa_##md##_sign_message_init(void *vctx, void *vec, \
1019 const OSSL_PARAM params[]) \
1020 { \
1021 static const char desc[] = "ECDSA-" #MD " Sign Message Init"; \
1022 \
1023 return ecdsa_sigalg_signverify_init(vctx, vec, \
1024 ecdsa_sigalg_set_ctx_params, \
1025 params, #MD, \
1026 EVP_PKEY_OP_SIGNMSG, \
1027 desc); \
1028 } \
1029 \
1030 static int \
1031 ecdsa_##md##_verify_init(void *vctx, void *vec, \
1032 const OSSL_PARAM params[]) \
1033 { \
1034 static const char desc[] = "ECDSA-" #MD " Verify Init"; \
1035 \
1036 return ecdsa_sigalg_signverify_init(vctx, vec, \
1037 ecdsa_sigalg_set_ctx_params, \
1038 params, #MD, \
1039 EVP_PKEY_OP_VERIFY, \
1040 desc); \
1041 } \
1042 \
1043 static int \
1044 ecdsa_##md##_verify_message_init(void *vctx, void *vec, \
1045 const OSSL_PARAM params[]) \
1046 { \
1047 static const char desc[] = "ECDSA-" #MD " Verify Message Init"; \
1048 \
1049 return ecdsa_sigalg_signverify_init(vctx, vec, \
1050 ecdsa_sigalg_set_ctx_params, \
1051 params, #MD, \
1052 EVP_PKEY_OP_VERIFYMSG, \
1053 desc); \
1054 } \
1055 \
1056 const OSSL_DISPATCH ossl_ecdsa_##md##_signature_functions[] = { \
1057 { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))ecdsa_newctx }, \
1058 { OSSL_FUNC_SIGNATURE_SIGN_INIT, \
1059 (void (*)(void))ecdsa_##md##_sign_init }, \
1060 { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))ecdsa_sign }, \
1061 { OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_INIT, \
1062 (void (*)(void))ecdsa_##md##_sign_message_init }, \
1063 { OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_UPDATE, \
1064 (void (*)(void))ecdsa_signverify_message_update }, \
1065 { OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_FINAL, \
1066 (void (*)(void))ecdsa_sign_message_final }, \
1067 { OSSL_FUNC_SIGNATURE_VERIFY_INIT, \
1068 (void (*)(void))ecdsa_##md##_verify_init }, \
1069 { OSSL_FUNC_SIGNATURE_VERIFY, \
1070 (void (*)(void))ecdsa_verify }, \
1071 { OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_INIT, \
1072 (void (*)(void))ecdsa_##md##_verify_message_init }, \
1073 { OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_UPDATE, \
1074 (void (*)(void))ecdsa_signverify_message_update }, \
1075 { OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_FINAL, \
1076 (void (*)(void))ecdsa_verify_message_final }, \
1077 { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))ecdsa_freectx }, \
1078 { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))ecdsa_dupctx }, \
1079 { OSSL_FUNC_SIGNATURE_QUERY_KEY_TYPES, \
1080 (void (*)(void))ecdsa_sigalg_query_key_types }, \
1081 { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, \
1082 (void (*)(void))ecdsa_get_ctx_params }, \
1083 { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, \
1084 (void (*)(void))ecdsa_gettable_ctx_params }, \
1085 { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, \
1086 (void (*)(void))ecdsa_sigalg_set_ctx_params }, \
1087 { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, \
1088 (void (*)(void))ecdsa_sigalg_settable_ctx_params }, \
1089 OSSL_DISPATCH_END \
1090 }
1091
1092 IMPL_ECDSA_SIGALG(sha1, SHA1);
1093 IMPL_ECDSA_SIGALG(sha224, SHA2-224);
1094 IMPL_ECDSA_SIGALG(sha256, SHA2-256);
1095 IMPL_ECDSA_SIGALG(sha384, SHA2-384);
1096 IMPL_ECDSA_SIGALG(sha512, SHA2-512);
1097 IMPL_ECDSA_SIGALG(sha3_224, SHA3-224);
1098 IMPL_ECDSA_SIGALG(sha3_256, SHA3-256);
1099 IMPL_ECDSA_SIGALG(sha3_384, SHA3-384);
1100 IMPL_ECDSA_SIGALG(sha3_512, SHA3-512);
1101
