1 /*
2 * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * ECDSA low level APIs are deprecated for public use, but still ok for
12 * internal use.
13 */
14 #include "internal/deprecated.h"
15
16 #include <string.h> /* memcpy */
17 #include <openssl/crypto.h>
18 #include <openssl/core_dispatch.h>
19 #include <openssl/core_names.h>
20 #include <openssl/dsa.h>
21 #include <openssl/params.h>
22 #include <openssl/evp.h>
23 #include <openssl/err.h>
24 #include <openssl/proverr.h>
25 #include "internal/nelem.h"
26 #include "internal/sizes.h"
27 #include "internal/cryptlib.h"
28 #include "internal/deterministic_nonce.h"
29 #include "prov/providercommon.h"
30 #include "prov/implementations.h"
31 #include "prov/provider_ctx.h"
32 #include "prov/securitycheck.h"
33 #include "prov/der_ec.h"
34 #include "crypto/ec.h"
35
36 static OSSL_FUNC_signature_newctx_fn ecdsa_newctx;
37 static OSSL_FUNC_signature_sign_init_fn ecdsa_sign_init;
38 static OSSL_FUNC_signature_verify_init_fn ecdsa_verify_init;
39 static OSSL_FUNC_signature_sign_fn ecdsa_sign;
40 static OSSL_FUNC_signature_sign_message_update_fn ecdsa_signverify_message_update;
41 static OSSL_FUNC_signature_sign_message_final_fn ecdsa_sign_message_final;
42 static OSSL_FUNC_signature_verify_fn ecdsa_verify;
43 static OSSL_FUNC_signature_verify_message_update_fn ecdsa_signverify_message_update;
44 static OSSL_FUNC_signature_verify_message_final_fn ecdsa_verify_message_final;
45 static OSSL_FUNC_signature_digest_sign_init_fn ecdsa_digest_sign_init;
46 static OSSL_FUNC_signature_digest_sign_update_fn ecdsa_digest_signverify_update;
47 static OSSL_FUNC_signature_digest_sign_final_fn ecdsa_digest_sign_final;
48 static OSSL_FUNC_signature_digest_verify_init_fn ecdsa_digest_verify_init;
49 static OSSL_FUNC_signature_digest_verify_update_fn ecdsa_digest_signverify_update;
50 static OSSL_FUNC_signature_digest_verify_final_fn ecdsa_digest_verify_final;
51 static OSSL_FUNC_signature_freectx_fn ecdsa_freectx;
52 static OSSL_FUNC_signature_dupctx_fn ecdsa_dupctx;
53 static OSSL_FUNC_signature_query_key_types_fn ecdsa_sigalg_query_key_types;
54 static OSSL_FUNC_signature_get_ctx_params_fn ecdsa_get_ctx_params;
55 static OSSL_FUNC_signature_gettable_ctx_params_fn ecdsa_gettable_ctx_params;
56 static OSSL_FUNC_signature_set_ctx_params_fn ecdsa_set_ctx_params;
57 static OSSL_FUNC_signature_settable_ctx_params_fn ecdsa_settable_ctx_params;
58 static OSSL_FUNC_signature_get_ctx_md_params_fn ecdsa_get_ctx_md_params;
59 static OSSL_FUNC_signature_gettable_ctx_md_params_fn ecdsa_gettable_ctx_md_params;
60 static OSSL_FUNC_signature_set_ctx_md_params_fn ecdsa_set_ctx_md_params;
61 static OSSL_FUNC_signature_settable_ctx_md_params_fn ecdsa_settable_ctx_md_params;
62 static OSSL_FUNC_signature_set_ctx_params_fn ecdsa_sigalg_set_ctx_params;
63 static OSSL_FUNC_signature_settable_ctx_params_fn ecdsa_sigalg_settable_ctx_params;
64
65 /*
66 * What's passed as an actual key is defined by the KEYMGMT interface.
67 * We happen to know that our KEYMGMT simply passes DSA structures, so
68 * we use that here too.
69 */
70
71 typedef struct {
72 OSSL_LIB_CTX *libctx;
73 char *propq;
74 EC_KEY *ec;
75 /* |operation| reuses EVP's operation bitfield */
76 int operation;
77
78 /*
79 * Flag to determine if a full sigalg is run (1) or if a composable
80 * signature algorithm is run (0).
81 *
82 * When a full sigalg is run (1), this currently affects the following
83 * other flags, which are to remain untouched after their initialization:
84 *
85 * - flag_allow_md (initialized to 0)
86 */
87 unsigned int flag_sigalg : 1;
88 /*
89 * Flag to determine if the hash function can be changed (1) or not (0)
90 * Because it's dangerous to change during a DigestSign or DigestVerify
91 * operation, this flag is cleared by their Init function, and set again
92 * by their Final function.
93 */
94 unsigned int flag_allow_md : 1;
95
96 /* The Algorithm Identifier of the combined signature algorithm */
97 unsigned char aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE];
98 unsigned char *aid;
99 size_t aid_len;
100
101 /* main digest */
102 char mdname[OSSL_MAX_NAME_SIZE];
103 EVP_MD *md;
104 EVP_MD_CTX *mdctx;
105 size_t mdsize;
106
107 /* Signature, for verification */
108 unsigned char *sig;
109 size_t siglen;
110
111 /*
112 * Internally used to cache the results of calling the EC group
113 * sign_setup() methods which are then passed to the sign operation.
114 * This is used by CAVS failure tests to terminate a loop if the signature
115 * is not valid.
116 * This could of also been done with a simple flag.
117 */
118 BIGNUM *kinv;
119 BIGNUM *r;
120 #if !defined(OPENSSL_NO_ACVP_TESTS)
121 /*
122 * This indicates that KAT (CAVS) test is running. Externally an app will
123 * override the random callback such that the generated private key and k
124 * are known.
125 * Normal operation will loop to choose a new k if the signature is not
126 * valid - but for this mode of operation it forces a failure instead.
127 */
128 unsigned int kattest;
129 #endif
130 #ifdef FIPS_MODULE
131 /*
132 * FIPS 140-3 IG 2.4.B mandates that verification based on a digest of a
133 * message is not permitted. However, signing based on a digest is still
134 * permitted.
135 */
136 int verify_message;
137 #endif
138 /* If this is set then the generated k is not random */
139 unsigned int nonce_type;
140 OSSL_FIPS_IND_DECLARE
141 } PROV_ECDSA_CTX;
142
ecdsa_newctx(void * provctx,const char * propq)143 static void *ecdsa_newctx(void *provctx, const char *propq)
144 {
145 PROV_ECDSA_CTX *ctx;
146
147 if (!ossl_prov_is_running())
148 return NULL;
149
150 ctx = OPENSSL_zalloc(sizeof(PROV_ECDSA_CTX));
151 if (ctx == NULL)
152 return NULL;
153
154 OSSL_FIPS_IND_INIT(ctx)
155 ctx->flag_allow_md = 1;
156 #ifdef FIPS_MODULE
157 ctx->verify_message = 1;
158 #endif
159 ctx->libctx = PROV_LIBCTX_OF(provctx);
160 if (propq != NULL && (ctx->propq = OPENSSL_strdup(propq)) == NULL) {
161 OPENSSL_free(ctx);
162 ctx = NULL;
163 }
164 return ctx;
165 }
166
ecdsa_setup_md(PROV_ECDSA_CTX * ctx,const char * mdname,const char * mdprops,const char * desc)167 static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx,
168 const char *mdname, const char *mdprops,
169 const char *desc)
170 {
171 EVP_MD *md = NULL;
172 size_t mdname_len;
173 int md_nid, md_size;
174 WPACKET pkt;
175
176 if (mdname == NULL)
177 return 1;
178
179 mdname_len = strlen(mdname);
180 if (mdname_len >= sizeof(ctx->mdname)) {
181 ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
182 "%s exceeds name buffer length", mdname);
183 return 0;
184 }
185 if (mdprops == NULL)
186 mdprops = ctx->propq;
187 md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
188 if (md == NULL) {
189 ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
190 "%s could not be fetched", mdname);
191 return 0;
192 }
193 md_size = EVP_MD_get_size(md);
194 if (md_size <= 0) {
195 ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
196 "%s has invalid md size %d", mdname, md_size);
197 goto err;
198 }
199 md_nid = ossl_digest_get_approved_nid(md);
200 if (md_nid == NID_undef) {
201 ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
202 "digest=%s", mdname);
203 goto err;
204 }
205 /* XOF digests don't work */
206 if (EVP_MD_xof(md)) {
207 ERR_raise(ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED);
208 goto err;
209 }
210
211 #ifdef FIPS_MODULE
212 {
213 int sha1_allowed
214 = ((ctx->operation
215 & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) == 0);
216
217 if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx),
218 OSSL_FIPS_IND_SETTABLE1,
219 ctx->libctx,
220 md_nid, sha1_allowed, desc,
221 ossl_fips_config_signature_digest_check))
222 goto err;
223 }
224 #endif
225
226 if (!ctx->flag_allow_md) {
227 if (ctx->mdname[0] != '\0' && !EVP_MD_is_a(md, ctx->mdname)) {
228 ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
229 "digest %s != %s", mdname, ctx->mdname);
230 goto err;
231 }
232 EVP_MD_free(md);
233 return 1;
234 }
235
236 EVP_MD_CTX_free(ctx->mdctx);
237 EVP_MD_free(ctx->md);
238
239 ctx->aid_len = 0;
240 if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf))
241 && ossl_DER_w_algorithmIdentifier_ECDSA_with_MD(&pkt, -1, ctx->ec,
242 md_nid)
243 && WPACKET_finish(&pkt)) {
244 WPACKET_get_total_written(&pkt, &ctx->aid_len);
245 ctx->aid = WPACKET_get_curr(&pkt);
246 }
247 WPACKET_cleanup(&pkt);
248 ctx->mdctx = NULL;
249 ctx->md = md;
250 ctx->mdsize = (size_t)md_size;
251 OPENSSL_strlcpy(ctx->mdname, mdname, sizeof(ctx->mdname));
252
253 return 1;
254 err:
255 EVP_MD_free(md);
256 return 0;
257 }
258
259 static int
ecdsa_signverify_init(PROV_ECDSA_CTX * ctx,void * ec,OSSL_FUNC_signature_set_ctx_params_fn * set_ctx_params,const OSSL_PARAM params[],int operation,const char * desc)260 ecdsa_signverify_init(PROV_ECDSA_CTX *ctx, void *ec,
261 OSSL_FUNC_signature_set_ctx_params_fn *set_ctx_params,
262 const OSSL_PARAM params[], int operation,
263 const char *desc)
264 {
265 if (!ossl_prov_is_running()
266 || ctx == NULL)
267 return 0;
268
269 if (ec == NULL && ctx->ec == NULL) {
270 ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
271 return 0;
272 }
273
274 if (ec != NULL) {
275 if (!EC_KEY_up_ref(ec))
276 return 0;
277 EC_KEY_free(ctx->ec);
278 ctx->ec = ec;
279 }
280
281 ctx->operation = operation;
282
283 OSSL_FIPS_IND_SET_APPROVED(ctx)
284 if (!set_ctx_params(ctx, params))
285 return 0;
286 #ifdef FIPS_MODULE
287 if (!ossl_fips_ind_ec_key_check(OSSL_FIPS_IND_GET(ctx),
288 OSSL_FIPS_IND_SETTABLE0, ctx->libctx,
289 EC_KEY_get0_group(ctx->ec), desc,
290 (operation & (EVP_PKEY_OP_SIGN
291 | EVP_PKEY_OP_SIGNMSG)) != 0))
292 return 0;
293 #endif
294 return 1;
295 }
296
ecdsa_sign_init(void * vctx,void * ec,const OSSL_PARAM params[])297 static int ecdsa_sign_init(void *vctx, void *ec, const OSSL_PARAM params[])
298 {
299 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
300
301 #ifdef FIPS_MODULE
302 ctx->verify_message = 1;
303 #endif
304 return ecdsa_signverify_init(ctx, ec, ecdsa_set_ctx_params, params,
305 EVP_PKEY_OP_SIGN, "ECDSA Sign Init");
306 }
307
308 /*
309 * Sign tbs without digesting it first. This is suitable for "primitive"
310 * signing and signing the digest of a message.
311 */
ecdsa_sign_directly(void * vctx,unsigned char * sig,size_t * siglen,size_t sigsize,const unsigned char * tbs,size_t tbslen)312 static int ecdsa_sign_directly(void *vctx,
313 unsigned char *sig, size_t *siglen, size_t sigsize,
314 const unsigned char *tbs, size_t tbslen)
315 {
316 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
317 int ret;
318 unsigned int sltmp;
319 size_t ecsize = ECDSA_size(ctx->ec);
320
321 if (!ossl_prov_is_running())
322 return 0;
323
324 if (sig == NULL) {
325 *siglen = ecsize;
326 return 1;
327 }
328
329 #if !defined(OPENSSL_NO_ACVP_TESTS)
330 if (ctx->kattest && !ECDSA_sign_setup(ctx->ec, NULL, &ctx->kinv, &ctx->r))
331 return 0;
332 #endif
333
334 if (sigsize < (size_t)ecsize)
335 return 0;
336
337 if (ctx->mdsize != 0 && tbslen != ctx->mdsize)
338 return 0;
339
340 if (ctx->nonce_type != 0) {
341 const char *mdname = NULL;
342
343 if (ctx->mdname[0] != '\0')
344 mdname = ctx->mdname;
345 ret = ossl_ecdsa_deterministic_sign(tbs, tbslen, sig, &sltmp,
346 ctx->ec, ctx->nonce_type,
347 mdname,
348 ctx->libctx, ctx->propq);
349 } else {
350 ret = ECDSA_sign_ex(0, tbs, tbslen, sig, &sltmp, ctx->kinv, ctx->r,
351 ctx->ec);
352 }
353 if (ret <= 0)
354 return 0;
355
356 *siglen = sltmp;
357 return 1;
358 }
359
ecdsa_signverify_message_update(void * vctx,const unsigned char * data,size_t datalen)360 static int ecdsa_signverify_message_update(void *vctx,
361 const unsigned char *data,
362 size_t datalen)
363 {
364 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
365
366 if (ctx == NULL)
367 return 0;
368
369 return EVP_DigestUpdate(ctx->mdctx, data, datalen);
370 }
371
ecdsa_sign_message_final(void * vctx,unsigned char * sig,size_t * siglen,size_t sigsize)372 static int ecdsa_sign_message_final(void *vctx, unsigned char *sig,
373 size_t *siglen, size_t sigsize)
374 {
375 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
376 unsigned char digest[EVP_MAX_MD_SIZE];
377 unsigned int dlen = 0;
378
379 if (!ossl_prov_is_running() || ctx == NULL)
380 return 0;
381 if (ctx->mdctx == NULL)
382 return 0;
383 /*
384 * If sig is NULL then we're just finding out the sig size. Other fields
385 * are ignored. Defer to ecdsa_sign.
386 */
387 if (sig != NULL
388 && !EVP_DigestFinal_ex(ctx->mdctx, digest, &dlen))
389 return 0;
390 return ecdsa_sign_directly(vctx, sig, siglen, sigsize, digest, dlen);
391 }
392
393 /*
394 * If signing a message, digest tbs and sign the result.
395 * Otherwise, sign tbs directly.
396 */
ecdsa_sign(void * vctx,unsigned char * sig,size_t * siglen,size_t sigsize,const unsigned char * tbs,size_t tbslen)397 static int ecdsa_sign(void *vctx, unsigned char *sig, size_t *siglen,
398 size_t sigsize, const unsigned char *tbs, size_t tbslen)
399 {
400 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
401
402 if (ctx->operation == EVP_PKEY_OP_SIGNMSG) {
403 /*
404 * If |sig| is NULL, the caller is only looking for the sig length.
405 * DO NOT update the input in this case.
406 */
407 if (sig == NULL)
408 return ecdsa_sign_message_final(ctx, sig, siglen, sigsize);
409
410 if (ecdsa_signverify_message_update(ctx, tbs, tbslen) <= 0)
411 return 0;
412 return ecdsa_sign_message_final(ctx, sig, siglen, sigsize);
413 }
414 return ecdsa_sign_directly(ctx, sig, siglen, sigsize, tbs, tbslen);
415 }
416
ecdsa_verify_init(void * vctx,void * ec,const OSSL_PARAM params[])417 static int ecdsa_verify_init(void *vctx, void *ec, const OSSL_PARAM params[])
418 {
419 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
420
421 #ifdef FIPS_MODULE
422 ctx->verify_message = 0;
423 #endif
424 return ecdsa_signverify_init(ctx, ec, ecdsa_set_ctx_params, params,
425 EVP_PKEY_OP_VERIFY, "ECDSA Verify Init");
426 }
427
ecdsa_verify_directly(void * vctx,const unsigned char * sig,size_t siglen,const unsigned char * tbs,size_t tbslen)428 static int ecdsa_verify_directly(void *vctx,
429 const unsigned char *sig, size_t siglen,
430 const unsigned char *tbs, size_t tbslen)
431 {
432 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
433
434 if (!ossl_prov_is_running() || (ctx->mdsize != 0 && tbslen != ctx->mdsize))
435 return 0;
436
437 return ECDSA_verify(0, tbs, tbslen, sig, siglen, ctx->ec);
438 }
439
ecdsa_verify_set_sig(void * vctx,const unsigned char * sig,size_t siglen)440 static int ecdsa_verify_set_sig(void *vctx,
441 const unsigned char *sig, size_t siglen)
442 {
443 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
444 OSSL_PARAM params[2];
445
446 params[0] =
447 OSSL_PARAM_construct_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE,
448 (unsigned char *)sig, siglen);
449 params[1] = OSSL_PARAM_construct_end();
450 return ecdsa_sigalg_set_ctx_params(ctx, params);
451 }
452
ecdsa_verify_message_final(void * vctx)453 static int ecdsa_verify_message_final(void *vctx)
454 {
455 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
456 unsigned char digest[EVP_MAX_MD_SIZE];
457 unsigned int dlen = 0;
458
459 if (!ossl_prov_is_running() || ctx == NULL || ctx->mdctx == NULL)
460 return 0;
461
462 /*
463 * The digests used here are all known (see ecdsa_get_md_nid()), so they
464 * should not exceed the internal buffer size of EVP_MAX_MD_SIZE.
465 */
466 if (!EVP_DigestFinal_ex(ctx->mdctx, digest, &dlen))
467 return 0;
468
469 return ecdsa_verify_directly(vctx, ctx->sig, ctx->siglen,
470 digest, dlen);
471 }
472
473 /*
474 * If verifying a message, digest tbs and verify the result.
475 * Otherwise, verify tbs directly.
476 */
ecdsa_verify(void * vctx,const unsigned char * sig,size_t siglen,const unsigned char * tbs,size_t tbslen)477 static int ecdsa_verify(void *vctx,
478 const unsigned char *sig, size_t siglen,
479 const unsigned char *tbs, size_t tbslen)
480 {
481 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
482
483 if (ctx->operation == EVP_PKEY_OP_VERIFYMSG) {
484 if (ecdsa_verify_set_sig(ctx, sig, siglen) <= 0)
485 return 0;
486 if (ecdsa_signverify_message_update(ctx, tbs, tbslen) <= 0)
487 return 0;
488 return ecdsa_verify_message_final(ctx);
489 }
490 return ecdsa_verify_directly(ctx, sig, siglen, tbs, tbslen);
491 }
492
493 /* DigestSign/DigestVerify wrappers */
494
ecdsa_digest_signverify_init(void * vctx,const char * mdname,void * ec,const OSSL_PARAM params[],int operation,const char * desc)495 static int ecdsa_digest_signverify_init(void *vctx, const char *mdname,
496 void *ec, const OSSL_PARAM params[],
497 int operation, const char *desc)
498 {
499 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
500
501 if (!ossl_prov_is_running())
502 return 0;
503
504 #ifdef FIPS_MODULE
505 ctx->verify_message = 1;
506 #endif
507 if (!ecdsa_signverify_init(vctx, ec, ecdsa_set_ctx_params, params,
508 operation, desc))
509 return 0;
510
511 if (mdname != NULL
512 /* was ecdsa_setup_md already called in ecdsa_signverify_init()? */
513 && (mdname[0] == '\0' || OPENSSL_strcasecmp(ctx->mdname, mdname) != 0)
514 && !ecdsa_setup_md(ctx, mdname, NULL, desc))
515 return 0;
516
517 ctx->flag_allow_md = 0;
518
519 if (ctx->mdctx == NULL) {
520 ctx->mdctx = EVP_MD_CTX_new();
521 if (ctx->mdctx == NULL)
522 goto error;
523 }
524
525 if (!EVP_DigestInit_ex2(ctx->mdctx, ctx->md, params))
526 goto error;
527 return 1;
528 error:
529 EVP_MD_CTX_free(ctx->mdctx);
530 ctx->mdctx = NULL;
531 return 0;
532 }
533
ecdsa_digest_sign_init(void * vctx,const char * mdname,void * ec,const OSSL_PARAM params[])534 static int ecdsa_digest_sign_init(void *vctx, const char *mdname, void *ec,
535 const OSSL_PARAM params[])
536 {
537 return ecdsa_digest_signverify_init(vctx, mdname, ec, params,
538 EVP_PKEY_OP_SIGNMSG,
539 "ECDSA Digest Sign Init");
540 }
541
ecdsa_digest_signverify_update(void * vctx,const unsigned char * data,size_t datalen)542 static int ecdsa_digest_signverify_update(void *vctx, const unsigned char *data,
543 size_t datalen)
544 {
545 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
546
547 if (ctx == NULL || ctx->mdctx == NULL)
548 return 0;
549 /* Sigalg implementations shouldn't do digest_sign */
550 if (ctx->flag_sigalg)
551 return 0;
552
553 return ecdsa_signverify_message_update(vctx, data, datalen);
554 }
555
ecdsa_digest_sign_final(void * vctx,unsigned char * sig,size_t * siglen,size_t sigsize)556 int ecdsa_digest_sign_final(void *vctx, unsigned char *sig, size_t *siglen,
557 size_t sigsize)
558 {
559 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
560 int ok = 0;
561
562 if (ctx == NULL)
563 return 0;
564 /* Sigalg implementations shouldn't do digest_sign */
565 if (ctx->flag_sigalg)
566 return 0;
567
568 ok = ecdsa_sign_message_final(ctx, sig, siglen, sigsize);
569
570 ctx->flag_allow_md = 1;
571
572 return ok;
573 }
574
ecdsa_digest_verify_init(void * vctx,const char * mdname,void * ec,const OSSL_PARAM params[])575 static int ecdsa_digest_verify_init(void *vctx, const char *mdname, void *ec,
576 const OSSL_PARAM params[])
577 {
578 return ecdsa_digest_signverify_init(vctx, mdname, ec, params,
579 EVP_PKEY_OP_VERIFYMSG,
580 "ECDSA Digest Verify Init");
581 }
582
ecdsa_digest_verify_final(void * vctx,const unsigned char * sig,size_t siglen)583 int ecdsa_digest_verify_final(void *vctx, const unsigned char *sig,
584 size_t siglen)
585 {
586 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
587 int ok = 0;
588
589 if (!ossl_prov_is_running() || ctx == NULL || ctx->mdctx == NULL)
590 return 0;
591
592 /* Sigalg implementations shouldn't do digest_verify */
593 if (ctx->flag_sigalg)
594 return 0;
595
596 if (ecdsa_verify_set_sig(ctx, sig, siglen))
597 ok = ecdsa_verify_message_final(ctx);
598
599 ctx->flag_allow_md = 1;
600
601 return ok;
602 }
603
ecdsa_freectx(void * vctx)604 static void ecdsa_freectx(void *vctx)
605 {
606 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
607
608 EVP_MD_CTX_free(ctx->mdctx);
609 EVP_MD_free(ctx->md);
610 OPENSSL_free(ctx->propq);
611 OPENSSL_free(ctx->sig);
612 EC_KEY_free(ctx->ec);
613 BN_clear_free(ctx->kinv);
614 BN_clear_free(ctx->r);
615 OPENSSL_free(ctx);
616 }
617
ecdsa_dupctx(void * vctx)618 static void *ecdsa_dupctx(void *vctx)
619 {
620 PROV_ECDSA_CTX *srcctx = (PROV_ECDSA_CTX *)vctx;
621 PROV_ECDSA_CTX *dstctx;
622
623 if (!ossl_prov_is_running())
624 return NULL;
625
626 dstctx = OPENSSL_zalloc(sizeof(*srcctx));
627 if (dstctx == NULL)
628 return NULL;
629
630 *dstctx = *srcctx;
631 dstctx->ec = NULL;
632 dstctx->propq = NULL;
633
634 if (srcctx->ec != NULL && !EC_KEY_up_ref(srcctx->ec))
635 goto err;
636 /* Test KATS should not need to be supported */
637 if (srcctx->kinv != NULL || srcctx->r != NULL)
638 goto err;
639 dstctx->ec = srcctx->ec;
640
641 if (srcctx->md != NULL && !EVP_MD_up_ref(srcctx->md))
642 goto err;
643 dstctx->md = srcctx->md;
644
645 if (srcctx->mdctx != NULL) {
646 dstctx->mdctx = EVP_MD_CTX_new();
647 if (dstctx->mdctx == NULL
648 || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx))
649 goto err;
650 }
651
652 if (srcctx->propq != NULL) {
653 dstctx->propq = OPENSSL_strdup(srcctx->propq);
654 if (dstctx->propq == NULL)
655 goto err;
656 }
657
658 return dstctx;
659 err:
660 ecdsa_freectx(dstctx);
661 return NULL;
662 }
663
ecdsa_get_ctx_params(void * vctx,OSSL_PARAM * params)664 static int ecdsa_get_ctx_params(void *vctx, OSSL_PARAM *params)
665 {
666 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
667 OSSL_PARAM *p;
668
669 if (ctx == NULL)
670 return 0;
671
672 p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
673 if (p != NULL && !OSSL_PARAM_set_octet_string(p, ctx->aid, ctx->aid_len))
674 return 0;
675
676 p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE);
677 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->mdsize))
678 return 0;
679
680 p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST);
681 if (p != NULL && !OSSL_PARAM_set_utf8_string(p, ctx->md == NULL
682 ? ctx->mdname
683 : EVP_MD_get0_name(ctx->md)))
684 return 0;
685
686 p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_NONCE_TYPE);
687 if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->nonce_type))
688 return 0;
689
690 #ifdef FIPS_MODULE
691 p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE);
692 if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->verify_message))
693 return 0;
694 #endif
695
696 if (!OSSL_FIPS_IND_GET_CTX_PARAM(ctx, params))
697 return 0;
698 return 1;
699 }
700
701 static const OSSL_PARAM known_gettable_ctx_params[] = {
702 OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0),
703 OSSL_PARAM_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, NULL),
704 OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
705 OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL),
706 #ifdef FIPS_MODULE
707 OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE, NULL),
708 #endif
709 OSSL_FIPS_IND_GETTABLE_CTX_PARAM()
710 OSSL_PARAM_END
711 };
712
ecdsa_gettable_ctx_params(ossl_unused void * vctx,ossl_unused void * provctx)713 static const OSSL_PARAM *ecdsa_gettable_ctx_params(ossl_unused void *vctx,
714 ossl_unused void *provctx)
715 {
716 return known_gettable_ctx_params;
717 }
718
719 /* The common params for ecdsa_set_ctx_params and ecdsa_sigalg_set_ctx_params */
ecdsa_common_set_ctx_params(void * vctx,const OSSL_PARAM params[])720 static int ecdsa_common_set_ctx_params(void *vctx, const OSSL_PARAM params[])
721 {
722 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
723 const OSSL_PARAM *p;
724
725 if (ctx == NULL)
726 return 0;
727 if (params == NULL)
728 return 1;
729
730 if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, params,
731 OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK))
732 return 0;
733 if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE1, params,
734 OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK))
735 return 0;
736
737 #if !defined(OPENSSL_NO_ACVP_TESTS)
738 p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_KAT);
739 if (p != NULL && !OSSL_PARAM_get_uint(p, &ctx->kattest))
740 return 0;
741 #endif
742
743 p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_NONCE_TYPE);
744 if (p != NULL
745 && !OSSL_PARAM_get_uint(p, &ctx->nonce_type))
746 return 0;
747 return 1;
748 }
749
750 #define ECDSA_COMMON_SETTABLE_CTX_PARAMS \
751 OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_KAT, NULL), \
752 OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL), \
753 OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK) \
754 OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK) \
755 OSSL_PARAM_END
756
ecdsa_set_ctx_params(void * vctx,const OSSL_PARAM params[])757 static int ecdsa_set_ctx_params(void *vctx, const OSSL_PARAM params[])
758 {
759 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
760 const OSSL_PARAM *p;
761 size_t mdsize = 0;
762 int ret;
763
764 if ((ret = ecdsa_common_set_ctx_params(ctx, params)) <= 0)
765 return ret;
766
767 if (params == NULL)
768 return 1;
769
770 p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST);
771 if (p != NULL) {
772 char mdname[OSSL_MAX_NAME_SIZE] = "", *pmdname = mdname;
773 char mdprops[OSSL_MAX_PROPQUERY_SIZE] = "", *pmdprops = mdprops;
774 const OSSL_PARAM *propsp =
775 OSSL_PARAM_locate_const(params,
776 OSSL_SIGNATURE_PARAM_PROPERTIES);
777
778 if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname)))
779 return 0;
780 if (propsp != NULL
781 && !OSSL_PARAM_get_utf8_string(propsp, &pmdprops, sizeof(mdprops)))
782 return 0;
783 if (!ecdsa_setup_md(ctx, mdname, mdprops, "ECDSA Set Ctx"))
784 return 0;
785 }
786
787 p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE);
788 if (p != NULL) {
789 if (!OSSL_PARAM_get_size_t(p, &mdsize)
790 || (!ctx->flag_allow_md && mdsize != ctx->mdsize))
791 return 0;
792 ctx->mdsize = mdsize;
793 }
794 return 1;
795 }
796
797 static const OSSL_PARAM settable_ctx_params[] = {
798 OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
799 OSSL_PARAM_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, NULL),
800 OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0),
801 ECDSA_COMMON_SETTABLE_CTX_PARAMS
802 };
803
ecdsa_settable_ctx_params(void * vctx,ossl_unused void * provctx)804 static const OSSL_PARAM *ecdsa_settable_ctx_params(void *vctx,
805 ossl_unused void *provctx)
806 {
807 return settable_ctx_params;
808 }
809
ecdsa_get_ctx_md_params(void * vctx,OSSL_PARAM * params)810 static int ecdsa_get_ctx_md_params(void *vctx, OSSL_PARAM *params)
811 {
812 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
813
814 if (ctx->mdctx == NULL)
815 return 0;
816
817 return EVP_MD_CTX_get_params(ctx->mdctx, params);
818 }
819
ecdsa_gettable_ctx_md_params(void * vctx)820 static const OSSL_PARAM *ecdsa_gettable_ctx_md_params(void *vctx)
821 {
822 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
823
824 if (ctx->md == NULL)
825 return 0;
826
827 return EVP_MD_gettable_ctx_params(ctx->md);
828 }
829
ecdsa_set_ctx_md_params(void * vctx,const OSSL_PARAM params[])830 static int ecdsa_set_ctx_md_params(void *vctx, const OSSL_PARAM params[])
831 {
832 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
833
834 if (ctx->mdctx == NULL)
835 return 0;
836
837 return EVP_MD_CTX_set_params(ctx->mdctx, params);
838 }
839
ecdsa_settable_ctx_md_params(void * vctx)840 static const OSSL_PARAM *ecdsa_settable_ctx_md_params(void *vctx)
841 {
842 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
843
844 if (ctx->md == NULL)
845 return 0;
846
847 return EVP_MD_settable_ctx_params(ctx->md);
848 }
849
850 const OSSL_DISPATCH ossl_ecdsa_signature_functions[] = {
851 { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))ecdsa_newctx },
852 { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))ecdsa_sign_init },
853 { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))ecdsa_sign },
854 { OSSL_FUNC_SIGNATURE_VERIFY_INIT, (void (*)(void))ecdsa_verify_init },
855 { OSSL_FUNC_SIGNATURE_VERIFY, (void (*)(void))ecdsa_verify },
856 { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT,
857 (void (*)(void))ecdsa_digest_sign_init },
858 { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE,
859 (void (*)(void))ecdsa_digest_signverify_update },
860 { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL,
861 (void (*)(void))ecdsa_digest_sign_final },
862 { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT,
863 (void (*)(void))ecdsa_digest_verify_init },
864 { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE,
865 (void (*)(void))ecdsa_digest_signverify_update },
866 { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL,
867 (void (*)(void))ecdsa_digest_verify_final },
868 { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))ecdsa_freectx },
869 { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))ecdsa_dupctx },
870 { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))ecdsa_get_ctx_params },
871 { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS,
872 (void (*)(void))ecdsa_gettable_ctx_params },
873 { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))ecdsa_set_ctx_params },
874 { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS,
875 (void (*)(void))ecdsa_settable_ctx_params },
876 { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS,
877 (void (*)(void))ecdsa_get_ctx_md_params },
878 { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS,
879 (void (*)(void))ecdsa_gettable_ctx_md_params },
880 { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS,
881 (void (*)(void))ecdsa_set_ctx_md_params },
882 { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS,
883 (void (*)(void))ecdsa_settable_ctx_md_params },
884 OSSL_DISPATCH_END
885 };
886
887 /* ------------------------------------------------------------------ */
888
889 /*
890 * So called sigalgs (composite ECDSA+hash) implemented below. They
891 * are pretty much hard coded.
892 */
893
894 static OSSL_FUNC_signature_query_key_types_fn ecdsa_sigalg_query_key_types;
895 static OSSL_FUNC_signature_settable_ctx_params_fn ecdsa_sigalg_settable_ctx_params;
896 static OSSL_FUNC_signature_set_ctx_params_fn ecdsa_sigalg_set_ctx_params;
897
898 /*
899 * ecdsa_sigalg_signverify_init() is almost like ecdsa_digest_signverify_init(),
900 * just doesn't allow fetching an MD from whatever the user chooses.
901 */
ecdsa_sigalg_signverify_init(void * vctx,void * vec,OSSL_FUNC_signature_set_ctx_params_fn * set_ctx_params,const OSSL_PARAM params[],const char * mdname,int operation,const char * desc)902 static int ecdsa_sigalg_signverify_init(void *vctx, void *vec,
903 OSSL_FUNC_signature_set_ctx_params_fn *set_ctx_params,
904 const OSSL_PARAM params[],
905 const char *mdname,
906 int operation, const char *desc)
907 {
908 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
909
910 if (!ossl_prov_is_running())
911 return 0;
912
913 if (!ecdsa_signverify_init(vctx, vec, set_ctx_params, params, operation,
914 desc))
915 return 0;
916
917 if (!ecdsa_setup_md(ctx, mdname, NULL, desc))
918 return 0;
919
920 ctx->flag_sigalg = 1;
921 ctx->flag_allow_md = 0;
922
923 if (ctx->mdctx == NULL) {
924 ctx->mdctx = EVP_MD_CTX_new();
925 if (ctx->mdctx == NULL)
926 goto error;
927 }
928
929 if (!EVP_DigestInit_ex2(ctx->mdctx, ctx->md, params))
930 goto error;
931
932 return 1;
933
934 error:
935 EVP_MD_CTX_free(ctx->mdctx);
936 ctx->mdctx = NULL;
937 return 0;
938 }
939
ecdsa_sigalg_query_key_types(void)940 static const char **ecdsa_sigalg_query_key_types(void)
941 {
942 static const char *keytypes[] = { "EC", NULL };
943
944 return keytypes;
945 }
946
947 static const OSSL_PARAM settable_sigalg_ctx_params[] = {
948 OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE, NULL, 0),
949 ECDSA_COMMON_SETTABLE_CTX_PARAMS
950 };
951
ecdsa_sigalg_settable_ctx_params(void * vctx,ossl_unused void * provctx)952 static const OSSL_PARAM *ecdsa_sigalg_settable_ctx_params(void *vctx,
953 ossl_unused void *provctx)
954 {
955 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
956
957 if (ctx != NULL && ctx->operation == EVP_PKEY_OP_VERIFYMSG)
958 return settable_sigalg_ctx_params;
959 return NULL;
960 }
961
ecdsa_sigalg_set_ctx_params(void * vctx,const OSSL_PARAM params[])962 static int ecdsa_sigalg_set_ctx_params(void *vctx, const OSSL_PARAM params[])
963 {
964 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
965 const OSSL_PARAM *p;
966 int ret;
967
968 if ((ret = ecdsa_common_set_ctx_params(ctx, params)) <= 0)
969 return ret;
970
971 if (params == NULL)
972 return 1;
973
974 if (ctx->operation == EVP_PKEY_OP_VERIFYMSG) {
975 p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_SIGNATURE);
976 if (p != NULL) {
977 OPENSSL_free(ctx->sig);
978 ctx->sig = NULL;
979 ctx->siglen = 0;
980 if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->sig,
981 0, &ctx->siglen))
982 return 0;
983 }
984 }
985 return 1;
986 }
987
988 #define IMPL_ECDSA_SIGALG(md, MD) \
989 static OSSL_FUNC_signature_sign_init_fn ecdsa_##md##_sign_init; \
990 static OSSL_FUNC_signature_sign_message_init_fn \
991 ecdsa_##md##_sign_message_init; \
992 static OSSL_FUNC_signature_verify_init_fn ecdsa_##md##_verify_init; \
993 static OSSL_FUNC_signature_verify_message_init_fn \
994 ecdsa_##md##_verify_message_init; \
995 \
996 static int \
997 ecdsa_##md##_sign_init(void *vctx, void *vec, \
998 const OSSL_PARAM params[]) \
999 { \
1000 static const char desc[] = "ECDSA-" #MD " Sign Init"; \
1001 \
1002 return ecdsa_sigalg_signverify_init(vctx, vec, \
1003 ecdsa_sigalg_set_ctx_params, \
1004 params, #MD, \
1005 EVP_PKEY_OP_SIGN, \
1006 desc); \
1007 } \
1008 \
1009 static int \
1010 ecdsa_##md##_sign_message_init(void *vctx, void *vec, \
1011 const OSSL_PARAM params[]) \
1012 { \
1013 static const char desc[] = "ECDSA-" #MD " Sign Message Init"; \
1014 \
1015 return ecdsa_sigalg_signverify_init(vctx, vec, \
1016 ecdsa_sigalg_set_ctx_params, \
1017 params, #MD, \
1018 EVP_PKEY_OP_SIGNMSG, \
1019 desc); \
1020 } \
1021 \
1022 static int \
1023 ecdsa_##md##_verify_init(void *vctx, void *vec, \
1024 const OSSL_PARAM params[]) \
1025 { \
1026 static const char desc[] = "ECDSA-" #MD " Verify Init"; \
1027 \
1028 return ecdsa_sigalg_signverify_init(vctx, vec, \
1029 ecdsa_sigalg_set_ctx_params, \
1030 params, #MD, \
1031 EVP_PKEY_OP_VERIFY, \
1032 desc); \
1033 } \
1034 \
1035 static int \
1036 ecdsa_##md##_verify_message_init(void *vctx, void *vec, \
1037 const OSSL_PARAM params[]) \
1038 { \
1039 static const char desc[] = "ECDSA-" #MD " Verify Message Init"; \
1040 \
1041 return ecdsa_sigalg_signverify_init(vctx, vec, \
1042 ecdsa_sigalg_set_ctx_params, \
1043 params, #MD, \
1044 EVP_PKEY_OP_VERIFYMSG, \
1045 desc); \
1046 } \
1047 \
1048 const OSSL_DISPATCH ossl_ecdsa_##md##_signature_functions[] = { \
1049 { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))ecdsa_newctx }, \
1050 { OSSL_FUNC_SIGNATURE_SIGN_INIT, \
1051 (void (*)(void))ecdsa_##md##_sign_init }, \
1052 { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))ecdsa_sign }, \
1053 { OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_INIT, \
1054 (void (*)(void))ecdsa_##md##_sign_message_init }, \
1055 { OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_UPDATE, \
1056 (void (*)(void))ecdsa_signverify_message_update }, \
1057 { OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_FINAL, \
1058 (void (*)(void))ecdsa_sign_message_final }, \
1059 { OSSL_FUNC_SIGNATURE_VERIFY_INIT, \
1060 (void (*)(void))ecdsa_##md##_verify_init }, \
1061 { OSSL_FUNC_SIGNATURE_VERIFY, \
1062 (void (*)(void))ecdsa_verify }, \
1063 { OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_INIT, \
1064 (void (*)(void))ecdsa_##md##_verify_message_init }, \
1065 { OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_UPDATE, \
1066 (void (*)(void))ecdsa_signverify_message_update }, \
1067 { OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_FINAL, \
1068 (void (*)(void))ecdsa_verify_message_final }, \
1069 { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))ecdsa_freectx }, \
1070 { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))ecdsa_dupctx }, \
1071 { OSSL_FUNC_SIGNATURE_QUERY_KEY_TYPES, \
1072 (void (*)(void))ecdsa_sigalg_query_key_types }, \
1073 { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, \
1074 (void (*)(void))ecdsa_get_ctx_params }, \
1075 { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, \
1076 (void (*)(void))ecdsa_gettable_ctx_params }, \
1077 { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, \
1078 (void (*)(void))ecdsa_sigalg_set_ctx_params }, \
1079 { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, \
1080 (void (*)(void))ecdsa_sigalg_settable_ctx_params }, \
1081 OSSL_DISPATCH_END \
1082 }
1083
1084 IMPL_ECDSA_SIGALG(sha1, SHA1);
1085 IMPL_ECDSA_SIGALG(sha224, SHA2-224);
1086 IMPL_ECDSA_SIGALG(sha256, SHA2-256);
1087 IMPL_ECDSA_SIGALG(sha384, SHA2-384);
1088 IMPL_ECDSA_SIGALG(sha512, SHA2-512);
1089 IMPL_ECDSA_SIGALG(sha3_224, SHA3-224);
1090 IMPL_ECDSA_SIGALG(sha3_256, SHA3-256);
1091 IMPL_ECDSA_SIGALG(sha3_384, SHA3-384);
1092 IMPL_ECDSA_SIGALG(sha3_512, SHA3-512);
1093