Coverage Report

Created: 2024-11-21 07:03

/src/openssl/crypto/evp/signature.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9
10
#include <openssl/err.h>
11
#include <stdio.h>
12
#include <stdlib.h>
13
#include <openssl/core_names.h>
14
#include <openssl/objects.h>
15
#include <openssl/evp.h>
16
#include "internal/numbers.h"   /* includes SIZE_MAX */
17
#include "internal/cryptlib.h"
18
#include "internal/provider.h"
19
#include "internal/core.h"
20
#include "crypto/evp.h"
21
#include "evp_local.h"
22
23
static EVP_SIGNATURE *evp_signature_new(OSSL_PROVIDER *prov)
24
88
{
25
88
    EVP_SIGNATURE *signature = OPENSSL_zalloc(sizeof(EVP_SIGNATURE));
26
27
88
    if (signature == NULL)
28
0
        return NULL;
29
30
88
    if (!CRYPTO_NEW_REF(&signature->refcnt, 1)) {
31
0
        OPENSSL_free(signature);
32
0
        return NULL;
33
0
    }
34
35
88
    signature->prov = prov;
36
88
    ossl_provider_up_ref(prov);
37
38
88
    return signature;
39
88
}
40
41
static void *evp_signature_from_algorithm(int name_id,
42
                                          const OSSL_ALGORITHM *algodef,
43
                                          OSSL_PROVIDER *prov)
44
88
{
45
88
    const OSSL_DISPATCH *fns = algodef->implementation;
46
88
    EVP_SIGNATURE *signature = NULL;
47
    /* Counts newctx / freectx */
48
88
    int ctxfncnt = 0;
49
    /* Counts all init functions  */
50
88
    int initfncnt = 0;
51
    /* Counts all parameter functions */
52
88
    int gparamfncnt = 0, sparamfncnt = 0, gmdparamfncnt = 0, smdparamfncnt = 0;
53
88
    int valid = 0;
54
55
88
    if ((signature = evp_signature_new(prov)) == NULL) {
56
0
        ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
57
0
        goto err;
58
0
    }
59
60
88
    signature->name_id = name_id;
61
88
    if ((signature->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL)
62
0
        goto err;
63
88
    signature->description = algodef->algorithm_description;
64
65
1.65k
    for (; fns->function_id != 0; fns++) {
66
1.56k
        switch (fns->function_id) {
67
88
        case OSSL_FUNC_SIGNATURE_NEWCTX:
68
88
            if (signature->newctx != NULL)
69
0
                break;
70
88
            signature->newctx = OSSL_FUNC_signature_newctx(fns);
71
88
            ctxfncnt++;
72
88
            break;
73
84
        case OSSL_FUNC_SIGNATURE_SIGN_INIT:
74
84
            if (signature->sign_init != NULL)
75
4
                break;
76
80
            signature->sign_init = OSSL_FUNC_signature_sign_init(fns);
77
80
            initfncnt++;
78
80
            break;
79
80
        case OSSL_FUNC_SIGNATURE_SIGN:
80
80
            if (signature->sign != NULL)
81
0
                break;
82
80
            signature->sign = OSSL_FUNC_signature_sign(fns);
83
80
            break;
84
72
        case OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_INIT:
85
72
            if (signature->sign_message_init != NULL)
86
0
                break;
87
72
            signature->sign_message_init
88
72
                = OSSL_FUNC_signature_sign_message_init(fns);
89
72
            initfncnt++;
90
72
            break;
91
62
        case OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_UPDATE:
92
62
            if (signature->sign_message_update != NULL)
93
0
                break;
94
62
            signature->sign_message_update
95
62
                = OSSL_FUNC_signature_sign_message_update(fns);
96
62
            break;
97
62
        case OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_FINAL:
98
62
            if (signature->sign_message_final != NULL)
99
0
                break;
100
62
            signature->sign_message_final
101
62
                = OSSL_FUNC_signature_sign_message_final(fns);
102
62
            break;
103
84
        case OSSL_FUNC_SIGNATURE_VERIFY_INIT:
104
84
            if (signature->verify_init != NULL)
105
4
                break;
106
80
            signature->verify_init = OSSL_FUNC_signature_verify_init(fns);
107
80
            initfncnt++;
108
80
            break;
109
80
        case OSSL_FUNC_SIGNATURE_VERIFY:
110
80
            if (signature->verify != NULL)
111
0
                break;
112
80
            signature->verify = OSSL_FUNC_signature_verify(fns);
113
80
            break;
114
72
        case OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_INIT:
115
72
            if (signature->verify_message_init != NULL)
116
0
                break;
117
72
            signature->verify_message_init
118
72
                = OSSL_FUNC_signature_verify_message_init(fns);
119
72
            initfncnt++;
120
72
            break;
121
62
        case OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_UPDATE:
122
62
            if (signature->verify_message_update != NULL)
123
0
                break;
124
62
            signature->verify_message_update
125
62
                = OSSL_FUNC_signature_verify_message_update(fns);
126
62
            break;
127
62
        case OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_FINAL:
128
62
            if (signature->verify_message_final != NULL)
129
0
                break;
130
62
            signature->verify_message_final
131
62
                = OSSL_FUNC_signature_verify_message_final(fns);
132
62
            break;
133
28
        case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT:
134
28
            if (signature->verify_recover_init != NULL)
135
0
                break;
136
28
            signature->verify_recover_init
137
28
                = OSSL_FUNC_signature_verify_recover_init(fns);
138
28
            initfncnt++;
139
28
            break;
140
28
        case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER:
141
28
            if (signature->verify_recover != NULL)
142
0
                break;
143
28
            signature->verify_recover
144
28
                = OSSL_FUNC_signature_verify_recover(fns);
145
28
            break;
146
20
        case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT:
147
20
            if (signature->digest_sign_init != NULL)
148
0
                break;
149
20
            signature->digest_sign_init
150
20
                = OSSL_FUNC_signature_digest_sign_init(fns);
151
20
            initfncnt++;
152
20
            break;
153
16
        case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE:
154
16
            if (signature->digest_sign_update != NULL)
155
0
                break;
156
16
            signature->digest_sign_update
157
16
                = OSSL_FUNC_signature_digest_sign_update(fns);
158
16
            break;
159
16
        case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL:
160
16
            if (signature->digest_sign_final != NULL)
161
0
                break;
162
16
            signature->digest_sign_final
163
16
                = OSSL_FUNC_signature_digest_sign_final(fns);
164
16
            break;
165
4
        case OSSL_FUNC_SIGNATURE_DIGEST_SIGN:
166
4
            if (signature->digest_sign != NULL)
167
0
                break;
168
4
            signature->digest_sign
169
4
                = OSSL_FUNC_signature_digest_sign(fns);
170
4
            break;
171
12
        case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT:
172
12
            if (signature->digest_verify_init != NULL)
173
0
                break;
174
12
            signature->digest_verify_init
175
12
                = OSSL_FUNC_signature_digest_verify_init(fns);
176
12
            initfncnt++;
177
12
            break;
178
8
        case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE:
179
8
            if (signature->digest_verify_update != NULL)
180
0
                break;
181
8
            signature->digest_verify_update
182
8
                = OSSL_FUNC_signature_digest_verify_update(fns);
183
8
            break;
184
8
        case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL:
185
8
            if (signature->digest_verify_final != NULL)
186
0
                break;
187
8
            signature->digest_verify_final
188
8
                = OSSL_FUNC_signature_digest_verify_final(fns);
189
8
            break;
190
4
        case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY:
191
4
            if (signature->digest_verify != NULL)
192
0
                break;
193
4
            signature->digest_verify
194
4
                = OSSL_FUNC_signature_digest_verify(fns);
195
4
            break;
196
88
        case OSSL_FUNC_SIGNATURE_FREECTX:
197
88
            if (signature->freectx != NULL)
198
0
                break;
199
88
            signature->freectx = OSSL_FUNC_signature_freectx(fns);
200
88
            ctxfncnt++;
201
88
            break;
202
88
        case OSSL_FUNC_SIGNATURE_DUPCTX:
203
88
            if (signature->dupctx != NULL)
204
0
                break;
205
88
            signature->dupctx = OSSL_FUNC_signature_dupctx(fns);
206
88
            break;
207
80
        case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS:
208
80
            if (signature->get_ctx_params != NULL)
209
0
                break;
210
80
            signature->get_ctx_params
211
80
                = OSSL_FUNC_signature_get_ctx_params(fns);
212
80
            gparamfncnt++;
213
80
            break;
214
80
        case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS:
215
80
            if (signature->gettable_ctx_params != NULL)
216
0
                break;
217
80
            signature->gettable_ctx_params
218
80
                = OSSL_FUNC_signature_gettable_ctx_params(fns);
219
80
            gparamfncnt++;
220
80
            break;
221
88
        case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS:
222
88
            if (signature->set_ctx_params != NULL)
223
0
                break;
224
88
            signature->set_ctx_params
225
88
                = OSSL_FUNC_signature_set_ctx_params(fns);
226
88
            sparamfncnt++;
227
88
            break;
228
88
        case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS:
229
88
            if (signature->settable_ctx_params != NULL)
230
0
                break;
231
88
            signature->settable_ctx_params
232
88
                = OSSL_FUNC_signature_settable_ctx_params(fns);
233
88
            sparamfncnt++;
234
88
            break;
235
8
        case OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS:
236
8
            if (signature->get_ctx_md_params != NULL)
237
0
                break;
238
8
            signature->get_ctx_md_params
239
8
                = OSSL_FUNC_signature_get_ctx_md_params(fns);
240
8
            gmdparamfncnt++;
241
8
            break;
242
8
        case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS:
243
8
            if (signature->gettable_ctx_md_params != NULL)
244
0
                break;
245
8
            signature->gettable_ctx_md_params
246
8
                = OSSL_FUNC_signature_gettable_ctx_md_params(fns);
247
8
            gmdparamfncnt++;
248
8
            break;
249
8
        case OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS:
250
8
            if (signature->set_ctx_md_params != NULL)
251
0
                break;
252
8
            signature->set_ctx_md_params
253
8
                = OSSL_FUNC_signature_set_ctx_md_params(fns);
254
8
            smdparamfncnt++;
255
8
            break;
256
8
        case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS:
257
8
            if (signature->settable_ctx_md_params != NULL)
258
0
                break;
259
8
            signature->settable_ctx_md_params
260
8
                = OSSL_FUNC_signature_settable_ctx_md_params(fns);
261
8
            smdparamfncnt++;
262
8
            break;
263
72
        case OSSL_FUNC_SIGNATURE_QUERY_KEY_TYPES:
264
72
            if (signature->query_key_types != NULL)
265
0
                break;
266
72
            signature->query_key_types
267
72
                = OSSL_FUNC_signature_query_key_types(fns);
268
72
            break;
269
1.56k
        }
270
1.56k
    }
271
    /*
272
     * In order to be a consistent set of functions we must have at least
273
     * a set of context functions (newctx and freectx) as well as a set of
274
     * "signature" functions.  Because there's an overlap between some sets
275
     * of functions, counters don't always cut it, we must test known
276
     * combinations.
277
     * We start by assuming the implementation is valid, and then look for
278
     * reasons it's not.
279
     */
280
88
    valid = 1;
281
    /* Start with the ones where counters say enough */
282
88
    if (ctxfncnt != 2)
283
        /* newctx or freectx missing */
284
0
        valid = 0;
285
88
    if (valid
286
88
        && ((gparamfncnt != 0 && gparamfncnt != 2)
287
88
            || (sparamfncnt != 0 && sparamfncnt != 2)
288
88
            || (gmdparamfncnt != 0 && gmdparamfncnt != 2)
289
88
            || (smdparamfncnt != 0 && smdparamfncnt != 2)))
290
        /*
291
         * Params functions are optional, but if defined, they must
292
         * be pairwise complete sets, i.e. a getter must have an
293
         * associated gettable, etc
294
         */
295
0
        valid = 0;
296
88
    if (valid && initfncnt == 0)
297
        /* No init functions */
298
0
        valid = 0;
299
300
    /* Now we check for function combinations */
301
88
    if (valid
302
88
        && ((signature->sign_init != NULL
303
88
             && signature->sign == NULL)
304
88
            || (signature->sign_message_init != NULL
305
88
                && signature->sign == NULL
306
88
                && (signature->sign_message_update == NULL
307
0
                    || signature->sign_message_final == NULL))))
308
        /* sign_init functions with no signing function?  That's weird */
309
0
        valid = 0;
310
88
    if (valid
311
88
        && (signature->sign != NULL
312
88
            || signature->sign_message_update != NULL
313
88
            || signature->sign_message_final != NULL)
314
88
        && signature->sign_init == NULL
315
88
        && signature->sign_message_init == NULL)
316
        /* signing functions with no sign_init? That's odd */
317
0
        valid = 0;
318
319
88
    if (valid
320
88
        && ((signature->verify_init != NULL
321
88
             && signature->verify == NULL)
322
88
            || (signature->verify_message_init != NULL
323
88
                && signature->verify == NULL
324
88
                && (signature->verify_message_update == NULL
325
0
                    || signature->verify_message_final == NULL))))
326
        /* verify_init functions with no verification function?  That's weird */
327
0
        valid = 0;
328
88
    if (valid
329
88
        && (signature->verify != NULL
330
88
            || signature->verify_message_update != NULL
331
88
            || signature->verify_message_final != NULL)
332
88
        && signature->verify_init == NULL
333
88
        && signature->verify_message_init == NULL)
334
        /* verification functions with no verify_init? That's odd */
335
0
        valid = 0;
336
337
88
    if (valid
338
88
        && (signature->verify_recover_init != NULL)
339
88
            && (signature->verify_recover == NULL))
340
        /* verify_recover_init functions with no verify_recover?  How quaint */
341
0
        valid = 0;
342
343
88
    if (valid
344
88
        && (signature->digest_sign_init != NULL
345
88
            && signature->digest_sign == NULL
346
88
            && (signature->digest_sign_update == NULL
347
16
                || signature->digest_sign_final == NULL)))
348
        /*
349
         * You can't have a digest_sign_init without *some* performing functions
350
         */
351
0
        valid = 0;
352
353
88
    if (valid
354
88
        && ((signature->digest_verify_init != NULL
355
88
             && signature->digest_verify == NULL
356
88
             && (signature->digest_verify_update == NULL
357
8
                 || signature->digest_verify_final == NULL))))
358
        /*
359
         * You can't have a digest_verify_init without *some* performing functions
360
         */
361
0
        valid = 0;
362
363
88
    if (!valid) {
364
0
        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
365
0
        goto err;
366
0
    }
367
368
88
    return signature;
369
0
 err:
370
0
    EVP_SIGNATURE_free(signature);
371
0
    return NULL;
372
88
}
373
374
void EVP_SIGNATURE_free(EVP_SIGNATURE *signature)
375
42.1k
{
376
42.1k
    int i;
377
378
42.1k
    if (signature == NULL)
379
2.91k
        return;
380
39.2k
    CRYPTO_DOWN_REF(&signature->refcnt, &i);
381
39.2k
    if (i > 0)
382
39.1k
        return;
383
88
    OPENSSL_free(signature->type_name);
384
88
    ossl_provider_free(signature->prov);
385
88
    CRYPTO_FREE_REF(&signature->refcnt);
386
88
    OPENSSL_free(signature);
387
88
}
388
389
int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature)
390
39.1k
{
391
39.1k
    int ref = 0;
392
393
39.1k
    CRYPTO_UP_REF(&signature->refcnt, &ref);
394
39.1k
    return 1;
395
39.1k
}
396
397
OSSL_PROVIDER *EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE *signature)
398
2.91k
{
399
2.91k
    return signature->prov;
400
2.91k
}
401
402
EVP_SIGNATURE *EVP_SIGNATURE_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
403
                                   const char *properties)
404
2.91k
{
405
2.91k
    return evp_generic_fetch(ctx, OSSL_OP_SIGNATURE, algorithm, properties,
406
2.91k
                             evp_signature_from_algorithm,
407
2.91k
                             (int (*)(void *))EVP_SIGNATURE_up_ref,
408
2.91k
                             (void (*)(void *))EVP_SIGNATURE_free);
409
2.91k
}
410
411
EVP_SIGNATURE *evp_signature_fetch_from_prov(OSSL_PROVIDER *prov,
412
                                             const char *algorithm,
413
                                             const char *properties)
414
0
{
415
0
    return evp_generic_fetch_from_prov(prov, OSSL_OP_SIGNATURE,
416
0
                                       algorithm, properties,
417
0
                                       evp_signature_from_algorithm,
418
0
                                       (int (*)(void *))EVP_SIGNATURE_up_ref,
419
0
                                       (void (*)(void *))EVP_SIGNATURE_free);
420
0
}
421
422
int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name)
423
0
{
424
0
    return signature != NULL
425
0
           && evp_is_a(signature->prov, signature->name_id, NULL, name);
426
0
}
427
428
int evp_signature_get_number(const EVP_SIGNATURE *signature)
429
0
{
430
0
    return signature->name_id;
431
0
}
432
433
const char *EVP_SIGNATURE_get0_name(const EVP_SIGNATURE *signature)
434
0
{
435
0
    return signature->type_name;
436
0
}
437
438
const char *EVP_SIGNATURE_get0_description(const EVP_SIGNATURE *signature)
439
0
{
440
0
    return signature->description;
441
0
}
442
443
void EVP_SIGNATURE_do_all_provided(OSSL_LIB_CTX *libctx,
444
                                   void (*fn)(EVP_SIGNATURE *signature,
445
                                              void *arg),
446
                                   void *arg)
447
0
{
448
0
    evp_generic_do_all(libctx, OSSL_OP_SIGNATURE,
449
0
                       (void (*)(void *, void *))fn, arg,
450
0
                       evp_signature_from_algorithm,
451
0
                       (int (*)(void *))EVP_SIGNATURE_up_ref,
452
0
                       (void (*)(void *))EVP_SIGNATURE_free);
453
0
}
454
455
456
int EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature,
457
                               void (*fn)(const char *name, void *data),
458
                               void *data)
459
0
{
460
0
    if (signature->prov != NULL)
461
0
        return evp_names_do_all(signature->prov, signature->name_id, fn, data);
462
463
0
    return 1;
464
0
}
465
466
const OSSL_PARAM *EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig)
467
0
{
468
0
    void *provctx;
469
470
0
    if (sig == NULL || sig->gettable_ctx_params == NULL)
471
0
        return NULL;
472
473
0
    provctx = ossl_provider_ctx(EVP_SIGNATURE_get0_provider(sig));
474
0
    return sig->gettable_ctx_params(NULL, provctx);
475
0
}
476
477
const OSSL_PARAM *EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE *sig)
478
0
{
479
0
    void *provctx;
480
481
0
    if (sig == NULL || sig->settable_ctx_params == NULL)
482
0
        return NULL;
483
484
0
    provctx = ossl_provider_ctx(EVP_SIGNATURE_get0_provider(sig));
485
0
    return sig->settable_ctx_params(NULL, provctx);
486
0
}
487
488
static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature,
489
                                   int operation, const OSSL_PARAM params[])
490
0
{
491
0
    int ret = 0;
492
0
    void *provkey = NULL;
493
0
    EVP_KEYMGMT *tmp_keymgmt = NULL;
494
0
    const OSSL_PROVIDER *tmp_prov = NULL;
495
0
    const char *supported_sig = NULL;
496
0
    int iter;
497
498
0
    if (ctx == NULL) {
499
0
        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
500
0
        return -1;
501
0
    }
502
503
0
    evp_pkey_ctx_free_old_ops(ctx);
504
0
    ctx->operation = operation;
505
506
0
    if (signature != NULL) {
507
        /*
508
         * It's important to figure out what the key type should be, and if
509
         * that is what we have in ctx.
510
         */
511
512
0
        EVP_KEYMGMT *tmp_keymgmt_tofree = NULL;
513
514
0
        if (ctx->pkey == NULL) {
515
0
            ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
516
0
            goto err;
517
0
        }
518
519
        /*
520
         * Ensure that the key is provided, either natively, or as a
521
         * cached export.  We start by fetching the keymgmt with the same
522
         * name as |ctx->pkey|, but from the provider of the signature
523
         * method, using the same property query as when fetching the
524
         * signature method.  With the keymgmt we found (if we did), we
525
         * try to export |ctx->pkey| to it (evp_pkey_export_to_provider()
526
         * is smart enough to only actually export it if |tmp_keymgmt|
527
         * is different from |ctx->pkey|'s keymgmt)
528
         */
529
0
        tmp_prov = EVP_SIGNATURE_get0_provider(signature);
530
0
        tmp_keymgmt_tofree = tmp_keymgmt =
531
0
            evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
532
0
                                        EVP_KEYMGMT_get0_name(ctx->keymgmt),
533
0
                                        ctx->propquery);
534
0
        if (tmp_keymgmt != NULL)
535
0
            provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
536
0
                                                  &tmp_keymgmt, ctx->propquery);
537
0
        if (tmp_keymgmt == NULL)
538
0
            EVP_KEYMGMT_free(tmp_keymgmt_tofree);
539
540
0
        if (provkey == NULL)
541
0
            goto end;
542
543
        /*
544
         * Check that the signature matches the given key.  This is not
545
         * designed to work with legacy keys, so has to be done after we've
546
         * ensured that the key is at least exported to a provider (above).
547
         */
548
0
        if (signature->query_key_types != NULL) {
549
            /* This is expect to be a NULL terminated array */
550
0
            const char **keytypes;
551
552
0
            keytypes = signature->query_key_types();
553
0
            for (; *keytypes != NULL; keytypes++)
554
0
                if (EVP_PKEY_CTX_is_a(ctx, *keytypes))
555
0
                    break;
556
0
            if (*keytypes == NULL) {
557
0
                ERR_raise(ERR_LIB_EVP, EVP_R_SIGNATURE_TYPE_AND_KEY_TYPE_INCOMPATIBLE);
558
0
                return -2;
559
0
            }
560
0
        } else {
561
            /*
562
             * Fallback 1:
563
             * check if the keytype is the same as the signature algorithm name
564
             */
565
0
            const char *keytype = EVP_KEYMGMT_get0_name(ctx->keymgmt);
566
0
            int ok = EVP_SIGNATURE_is_a(signature, keytype);
567
568
            /*
569
             * Fallback 2:
570
             * query the pkey for a default signature algorithm name, and check
571
             * if it matches the signature implementation
572
             */
573
0
            if (!ok) {
574
0
                const char *signame
575
0
                    = evp_keymgmt_util_query_operation_name(ctx->keymgmt,
576
0
                                                            OSSL_OP_SIGNATURE);
577
578
0
                ok = EVP_SIGNATURE_is_a(signature, signame);
579
0
            }
580
581
            /* If none of the fallbacks helped, we're lost */
582
0
            if (!ok) {
583
0
                ERR_raise(ERR_LIB_EVP, EVP_R_SIGNATURE_TYPE_AND_KEY_TYPE_INCOMPATIBLE);
584
0
                return -2;
585
0
            }
586
0
        }
587
588
0
        if (!EVP_SIGNATURE_up_ref(signature))
589
0
            return 0;
590
0
    } else {
591
        /* Without a pre-fetched signature, it must be figured out somehow */
592
0
        ERR_set_mark();
593
594
0
        if (evp_pkey_ctx_is_legacy(ctx))
595
0
            goto legacy;
596
597
0
        if (ctx->pkey == NULL) {
598
0
            ERR_clear_last_mark();
599
0
            ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
600
0
            goto err;
601
0
        }
602
603
        /*
604
         * Try to derive the supported signature from |ctx->keymgmt|.
605
         */
606
0
        if (!ossl_assert(ctx->pkey->keymgmt == NULL
607
0
                         || ctx->pkey->keymgmt == ctx->keymgmt)) {
608
0
            ERR_clear_last_mark();
609
0
            ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
610
0
            goto err;
611
0
        }
612
0
        supported_sig
613
0
            = evp_keymgmt_util_query_operation_name(ctx->keymgmt,
614
0
                                                    OSSL_OP_SIGNATURE);
615
0
        if (supported_sig == NULL) {
616
0
            ERR_clear_last_mark();
617
0
            ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
618
0
            goto err;
619
0
        }
620
621
        /*
622
         * We perform two iterations:
623
         *
624
         * 1.  Do the normal signature fetch, using the fetching data given by
625
         *     the EVP_PKEY_CTX.
626
         * 2.  Do the provider specific signature fetch, from the same provider
627
         *     as |ctx->keymgmt|
628
         *
629
         * We then try to fetch the keymgmt from the same provider as the
630
         * signature, and try to export |ctx->pkey| to that keymgmt (when
631
         * this keymgmt happens to be the same as |ctx->keymgmt|, the export
632
         * is a no-op, but we call it anyway to not complicate the code even
633
         * more).
634
         * If the export call succeeds (returns a non-NULL provider key pointer),
635
         * we're done and can perform the operation itself.  If not, we perform
636
         * the second iteration, or jump to legacy.
637
         */
638
0
        for (iter = 1; iter < 3 && provkey == NULL; iter++) {
639
0
            EVP_KEYMGMT *tmp_keymgmt_tofree = NULL;
640
641
            /*
642
             * If we're on the second iteration, free the results from the first.
643
             * They are NULL on the first iteration, so no need to check what
644
             * iteration we're on.
645
             */
646
0
            EVP_SIGNATURE_free(signature);
647
0
            EVP_KEYMGMT_free(tmp_keymgmt);
648
649
0
            switch (iter) {
650
0
            case 1:
651
0
                signature =
652
0
                    EVP_SIGNATURE_fetch(ctx->libctx, supported_sig, ctx->propquery);
653
0
                if (signature != NULL)
654
0
                    tmp_prov = EVP_SIGNATURE_get0_provider(signature);
655
0
                break;
656
0
            case 2:
657
0
                tmp_prov = EVP_KEYMGMT_get0_provider(ctx->keymgmt);
658
0
                signature =
659
0
                    evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
660
0
                                                  supported_sig, ctx->propquery);
661
0
                if (signature == NULL)
662
0
                    goto legacy;
663
0
                break;
664
0
            }
665
0
            if (signature == NULL)
666
0
                continue;
667
668
            /*
669
             * Ensure that the key is provided, either natively, or as a
670
             * cached export.  We start by fetching the keymgmt with the same
671
             * name as |ctx->pkey|, but from the provider of the signature
672
             * method, using the same property query as when fetching the
673
             * signature method.  With the keymgmt we found (if we did), we
674
             * try to export |ctx->pkey| to it (evp_pkey_export_to_provider()
675
             * is smart enough to only actually export it if |tmp_keymgmt|
676
             * is different from |ctx->pkey|'s keymgmt)
677
             */
678
0
            tmp_keymgmt_tofree = tmp_keymgmt =
679
0
                evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
680
0
                                            EVP_KEYMGMT_get0_name(ctx->keymgmt),
681
0
                                            ctx->propquery);
682
0
            if (tmp_keymgmt != NULL)
683
0
                provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
684
0
                                                      &tmp_keymgmt, ctx->propquery);
685
0
            if (tmp_keymgmt == NULL)
686
0
                EVP_KEYMGMT_free(tmp_keymgmt_tofree);
687
0
        }
688
689
0
        if (provkey == NULL) {
690
0
            EVP_SIGNATURE_free(signature);
691
0
            goto legacy;
692
0
        }
693
694
0
        ERR_pop_to_mark();
695
0
    }
696
697
    /* No more legacy from here down to legacy: */
698
699
0
    ctx->op.sig.signature = signature;
700
0
    ctx->op.sig.algctx =
701
0
        signature->newctx(ossl_provider_ctx(signature->prov), ctx->propquery);
702
0
    if (ctx->op.sig.algctx == NULL) {
703
        /* The provider key can stay in the cache */
704
0
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
705
0
        goto err;
706
0
    }
707
708
0
    switch (operation) {
709
0
    case EVP_PKEY_OP_SIGN:
710
0
        if (signature->sign_init == NULL) {
711
0
            ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
712
0
            ret = -2;
713
0
            goto err;
714
0
        }
715
0
        ret = signature->sign_init(ctx->op.sig.algctx, provkey, params);
716
0
        break;
717
0
    case EVP_PKEY_OP_SIGNMSG:
718
0
        if (signature->sign_message_init == NULL) {
719
0
            ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
720
0
            ret = -2;
721
0
            goto err;
722
0
        }
723
0
        ret = signature->sign_message_init(ctx->op.sig.algctx, provkey, params);
724
0
        break;
725
0
    case EVP_PKEY_OP_VERIFY:
726
0
        if (signature->verify_init == NULL) {
727
0
            ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
728
0
            ret = -2;
729
0
            goto err;
730
0
        }
731
0
        ret = signature->verify_init(ctx->op.sig.algctx, provkey, params);
732
0
        break;
733
0
    case EVP_PKEY_OP_VERIFYMSG:
734
0
        if (signature->verify_message_init == NULL) {
735
0
            ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
736
0
            ret = -2;
737
0
            goto err;
738
0
        }
739
0
        ret = signature->verify_message_init(ctx->op.sig.algctx, provkey, params);
740
0
        break;
741
0
    case EVP_PKEY_OP_VERIFYRECOVER:
742
0
        if (signature->verify_recover_init == NULL) {
743
0
            ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
744
0
            ret = -2;
745
0
            goto err;
746
0
        }
747
0
        ret = signature->verify_recover_init(ctx->op.sig.algctx, provkey, params);
748
0
        break;
749
0
    default:
750
0
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
751
0
        goto err;
752
0
    }
753
754
0
    if (ret <= 0) {
755
0
        signature->freectx(ctx->op.sig.algctx);
756
0
        ctx->op.sig.algctx = NULL;
757
0
        goto err;
758
0
    }
759
0
    goto end;
760
761
0
 legacy:
762
    /*
763
     * If we don't have the full support we need with provided methods,
764
     * let's go see if legacy does.
765
     */
766
0
    ERR_pop_to_mark();
767
0
    EVP_KEYMGMT_free(tmp_keymgmt);
768
0
    tmp_keymgmt = NULL;
769
770
0
    if (ctx->pmeth == NULL
771
0
            || (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL)
772
0
            || (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL)
773
0
            || (operation == EVP_PKEY_OP_VERIFYRECOVER
774
0
                && ctx->pmeth->verify_recover == NULL)) {
775
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
776
0
        return -2;
777
0
    }
778
779
0
    switch (operation) {
780
0
    case EVP_PKEY_OP_SIGN:
781
0
        if (ctx->pmeth->sign_init == NULL)
782
0
            return 1;
783
0
        ret = ctx->pmeth->sign_init(ctx);
784
0
        break;
785
0
    case EVP_PKEY_OP_VERIFY:
786
0
        if (ctx->pmeth->verify_init == NULL)
787
0
            return 1;
788
0
        ret = ctx->pmeth->verify_init(ctx);
789
0
        break;
790
0
    case EVP_PKEY_OP_VERIFYRECOVER:
791
0
        if (ctx->pmeth->verify_recover_init == NULL)
792
0
            return 1;
793
0
        ret = ctx->pmeth->verify_recover_init(ctx);
794
0
        break;
795
0
    default:
796
0
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
797
0
        goto err;
798
0
    }
799
0
    if (ret <= 0)
800
0
        goto err;
801
0
 end:
802
0
#ifndef FIPS_MODULE
803
0
    if (ret > 0)
804
0
        ret = evp_pkey_ctx_use_cached_data(ctx);
805
0
#endif
806
807
0
    EVP_KEYMGMT_free(tmp_keymgmt);
808
0
    return ret;
809
0
 err:
810
0
    evp_pkey_ctx_free_old_ops(ctx);
811
0
    ctx->operation = EVP_PKEY_OP_UNDEFINED;
812
0
    EVP_KEYMGMT_free(tmp_keymgmt);
813
0
    return ret;
814
0
}
815
816
int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
817
0
{
818
0
    return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_SIGN, NULL);
819
0
}
820
821
int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
822
0
{
823
0
    return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_SIGN, params);
824
0
}
825
826
int EVP_PKEY_sign_init_ex2(EVP_PKEY_CTX *ctx,
827
                           EVP_SIGNATURE *algo, const OSSL_PARAM params[])
828
0
{
829
0
    return evp_pkey_signature_init(ctx, algo, EVP_PKEY_OP_SIGN, params);
830
0
}
831
832
int EVP_PKEY_sign_message_init(EVP_PKEY_CTX *ctx,
833
                               EVP_SIGNATURE *algo, const OSSL_PARAM params[])
834
0
{
835
0
    return evp_pkey_signature_init(ctx, algo, EVP_PKEY_OP_SIGNMSG, params);
836
0
}
837
838
int EVP_PKEY_sign_message_update(EVP_PKEY_CTX *ctx,
839
                                 const unsigned char *in, size_t inlen)
840
0
{
841
0
    if (ctx == NULL) {
842
0
        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
843
0
        return -1;
844
0
    }
845
846
0
    if (ctx->operation != EVP_PKEY_OP_SIGNMSG) {
847
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
848
0
        return -1;
849
0
    }
850
851
0
    if (ctx->op.sig.signature->sign_message_update == NULL) {
852
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
853
0
        return -2;
854
0
    }
855
856
0
    return ctx->op.sig.signature->sign_message_update(ctx->op.sig.algctx,
857
0
                                                      in, inlen);
858
0
}
859
860
int EVP_PKEY_sign_message_final(EVP_PKEY_CTX *ctx,
861
                                unsigned char *sig, size_t *siglen)
862
0
{
863
0
    if (ctx == NULL) {
864
0
        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
865
0
        return -1;
866
0
    }
867
868
0
    if (ctx->operation != EVP_PKEY_OP_SIGNMSG) {
869
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
870
0
        return -1;
871
0
    }
872
873
0
    if (ctx->op.sig.signature->sign_message_final == NULL) {
874
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
875
0
        return -2;
876
0
    }
877
878
0
    return ctx->op.sig.signature->sign_message_final(ctx->op.sig.algctx,
879
0
                                                     sig, siglen,
880
0
                                                     (sig == NULL) ? 0 : *siglen);
881
0
}
882
883
int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
884
                  unsigned char *sig, size_t *siglen,
885
                  const unsigned char *tbs, size_t tbslen)
886
0
{
887
0
    int ret;
888
889
0
    if (ctx == NULL) {
890
0
        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
891
0
        return -1;
892
0
    }
893
894
0
    if (ctx->operation != EVP_PKEY_OP_SIGN
895
0
        && ctx->operation != EVP_PKEY_OP_SIGNMSG) {
896
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
897
0
        return -1;
898
0
    }
899
900
0
    if (ctx->op.sig.algctx == NULL)
901
0
        goto legacy;
902
903
0
    if (ctx->op.sig.signature->sign == NULL) {
904
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
905
0
        return -2;
906
0
    }
907
908
0
    ret = ctx->op.sig.signature->sign(ctx->op.sig.algctx, sig, siglen,
909
0
                                      (sig == NULL) ? 0 : *siglen, tbs, tbslen);
910
911
0
    return ret;
912
0
 legacy:
913
914
0
    if (ctx->pmeth == NULL || ctx->pmeth->sign == NULL) {
915
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
916
0
        return -2;
917
0
    }
918
919
0
    M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
920
0
        return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
921
0
}
922
923
int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
924
0
{
925
0
    return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_VERIFY, NULL);
926
0
}
927
928
int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
929
0
{
930
0
    return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_VERIFY, params);
931
0
}
932
933
int EVP_PKEY_verify_init_ex2(EVP_PKEY_CTX *ctx,
934
                             EVP_SIGNATURE *algo, const OSSL_PARAM params[])
935
0
{
936
0
    return evp_pkey_signature_init(ctx, algo, EVP_PKEY_OP_VERIFY, params);
937
0
}
938
939
int EVP_PKEY_verify_message_init(EVP_PKEY_CTX *ctx,
940
                                 EVP_SIGNATURE *algo, const OSSL_PARAM params[])
941
0
{
942
0
    return evp_pkey_signature_init(ctx, algo, EVP_PKEY_OP_VERIFYMSG, params);
943
0
}
944
945
int EVP_PKEY_CTX_set_signature(EVP_PKEY_CTX *ctx,
946
                               const unsigned char *sig, size_t siglen)
947
0
{
948
0
    OSSL_PARAM sig_params[2], *p = sig_params;
949
950
0
    if (ctx == NULL) {
951
0
        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
952
0
        return 0;
953
0
    }
954
955
0
    *p++ = OSSL_PARAM_construct_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE,
956
                                             /*
957
                                              * Cast away the const. This is
958
                                              * read only so should be safe
959
                                              */
960
0
                                             (char *)sig, siglen);
961
0
    *p = OSSL_PARAM_construct_end();
962
963
0
    return EVP_PKEY_CTX_set_params(ctx, sig_params);
964
0
}
965
966
int EVP_PKEY_verify_message_update(EVP_PKEY_CTX *ctx,
967
                                   const unsigned char *in, size_t inlen)
968
0
{
969
0
    if (ctx == NULL) {
970
0
        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
971
0
        return -1;
972
0
    }
973
974
0
    if (ctx->operation != EVP_PKEY_OP_VERIFYMSG) {
975
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
976
0
        return -1;
977
0
    }
978
979
0
    if (ctx->op.sig.signature->verify_message_update == NULL) {
980
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
981
0
        return -2;
982
0
    }
983
984
0
    return ctx->op.sig.signature->verify_message_update(ctx->op.sig.algctx,
985
0
                                                        in, inlen);
986
0
}
987
988
int EVP_PKEY_verify_message_final(EVP_PKEY_CTX *ctx)
989
0
{
990
0
    if (ctx == NULL) {
991
0
        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
992
0
        return -1;
993
0
    }
994
995
0
    if (ctx->operation != EVP_PKEY_OP_VERIFYMSG) {
996
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
997
0
        return -1;
998
0
    }
999
1000
0
    if (ctx->op.sig.signature->verify_message_final == NULL) {
1001
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
1002
0
        return -2;
1003
0
    }
1004
1005
    /* The signature must have been set with EVP_PKEY_CTX_set_signature() */
1006
0
    return ctx->op.sig.signature->verify_message_final(ctx->op.sig.algctx);
1007
0
}
1008
1009
int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
1010
                    const unsigned char *sig, size_t siglen,
1011
                    const unsigned char *tbs, size_t tbslen)
1012
0
{
1013
0
    int ret;
1014
1015
0
    if (ctx == NULL) {
1016
0
        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
1017
0
        return -1;
1018
0
    }
1019
1020
0
    if (ctx->operation != EVP_PKEY_OP_VERIFY
1021
0
        && ctx->operation != EVP_PKEY_OP_VERIFYMSG) {
1022
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
1023
0
        return -1;
1024
0
    }
1025
1026
0
    if (ctx->op.sig.algctx == NULL)
1027
0
        goto legacy;
1028
1029
0
    if (ctx->op.sig.signature->verify == NULL) {
1030
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
1031
0
        return -2;
1032
0
    }
1033
1034
0
    ret = ctx->op.sig.signature->verify(ctx->op.sig.algctx, sig, siglen,
1035
0
                                        tbs, tbslen);
1036
1037
0
    return ret;
1038
0
 legacy:
1039
0
    if (ctx->pmeth == NULL || ctx->pmeth->verify == NULL) {
1040
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
1041
0
        return -2;
1042
0
    }
1043
1044
0
    return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
1045
0
}
1046
1047
int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
1048
0
{
1049
0
    return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_VERIFYRECOVER, NULL);
1050
0
}
1051
1052
int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx,
1053
                                    const OSSL_PARAM params[])
1054
0
{
1055
0
    return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_VERIFYRECOVER, params);
1056
0
}
1057
1058
int EVP_PKEY_verify_recover_init_ex2(EVP_PKEY_CTX *ctx,
1059
                                     EVP_SIGNATURE *algo, const OSSL_PARAM params[])
1060
0
{
1061
0
    return evp_pkey_signature_init(ctx, algo, EVP_PKEY_OP_VERIFYRECOVER, params);
1062
0
}
1063
1064
int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
1065
                            unsigned char *rout, size_t *routlen,
1066
                            const unsigned char *sig, size_t siglen)
1067
0
{
1068
0
    int ret;
1069
1070
0
    if (ctx == NULL) {
1071
0
        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
1072
0
        return -1;
1073
0
    }
1074
1075
0
    if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
1076
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
1077
0
        return -1;
1078
0
    }
1079
1080
0
    if (ctx->op.sig.algctx == NULL)
1081
0
        goto legacy;
1082
1083
0
    if (ctx->op.sig.signature->verify_recover == NULL) {
1084
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
1085
0
        return -2;
1086
0
    }
1087
1088
0
    ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.algctx, rout,
1089
0
                                                routlen,
1090
0
                                                (rout == NULL ? 0 : *routlen),
1091
0
                                                sig, siglen);
1092
0
    return ret;
1093
0
 legacy:
1094
0
    if (ctx->pmeth == NULL || ctx->pmeth->verify_recover == NULL) {
1095
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
1096
0
        return -2;
1097
0
    }
1098
0
    M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
1099
0
        return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
1100
0
}