/src/openssl/providers/implementations/signature/dsa_sig.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | /* |
11 | | * DSA low level APIs are deprecated for public use, but still ok for |
12 | | * internal use. |
13 | | */ |
14 | | #include "internal/deprecated.h" |
15 | | |
16 | | #include <string.h> |
17 | | |
18 | | #include <openssl/crypto.h> |
19 | | #include <openssl/core_dispatch.h> |
20 | | #include <openssl/core_names.h> |
21 | | #include <openssl/err.h> |
22 | | #include <openssl/dsa.h> |
23 | | #include <openssl/params.h> |
24 | | #include <openssl/evp.h> |
25 | | #include <openssl/proverr.h> |
26 | | #include "internal/nelem.h" |
27 | | #include "internal/sizes.h" |
28 | | #include "internal/cryptlib.h" |
29 | | #include "prov/providercommon.h" |
30 | | #include "prov/implementations.h" |
31 | | #include "prov/provider_ctx.h" |
32 | | #include "prov/securitycheck.h" |
33 | | #include "prov/der_dsa.h" |
34 | | #include "crypto/dsa.h" |
35 | | |
36 | | static OSSL_FUNC_signature_newctx_fn dsa_newctx; |
37 | | static OSSL_FUNC_signature_sign_init_fn dsa_sign_init; |
38 | | static OSSL_FUNC_signature_verify_init_fn dsa_verify_init; |
39 | | static OSSL_FUNC_signature_sign_fn dsa_sign; |
40 | | static OSSL_FUNC_signature_sign_message_update_fn dsa_signverify_message_update; |
41 | | static OSSL_FUNC_signature_sign_message_final_fn dsa_sign_message_final; |
42 | | static OSSL_FUNC_signature_verify_fn dsa_verify; |
43 | | static OSSL_FUNC_signature_verify_message_update_fn dsa_signverify_message_update; |
44 | | static OSSL_FUNC_signature_verify_message_final_fn dsa_verify_message_final; |
45 | | static OSSL_FUNC_signature_digest_sign_init_fn dsa_digest_sign_init; |
46 | | static OSSL_FUNC_signature_digest_sign_update_fn dsa_digest_signverify_update; |
47 | | static OSSL_FUNC_signature_digest_sign_final_fn dsa_digest_sign_final; |
48 | | static OSSL_FUNC_signature_digest_verify_init_fn dsa_digest_verify_init; |
49 | | static OSSL_FUNC_signature_digest_verify_update_fn dsa_digest_signverify_update; |
50 | | static OSSL_FUNC_signature_digest_verify_final_fn dsa_digest_verify_final; |
51 | | static OSSL_FUNC_signature_freectx_fn dsa_freectx; |
52 | | static OSSL_FUNC_signature_dupctx_fn dsa_dupctx; |
53 | | static OSSL_FUNC_signature_query_key_types_fn dsa_sigalg_query_key_types; |
54 | | static OSSL_FUNC_signature_get_ctx_params_fn dsa_get_ctx_params; |
55 | | static OSSL_FUNC_signature_gettable_ctx_params_fn dsa_gettable_ctx_params; |
56 | | static OSSL_FUNC_signature_set_ctx_params_fn dsa_set_ctx_params; |
57 | | static OSSL_FUNC_signature_settable_ctx_params_fn dsa_settable_ctx_params; |
58 | | static OSSL_FUNC_signature_get_ctx_md_params_fn dsa_get_ctx_md_params; |
59 | | static OSSL_FUNC_signature_gettable_ctx_md_params_fn dsa_gettable_ctx_md_params; |
60 | | static OSSL_FUNC_signature_set_ctx_md_params_fn dsa_set_ctx_md_params; |
61 | | static OSSL_FUNC_signature_settable_ctx_md_params_fn dsa_settable_ctx_md_params; |
62 | | static OSSL_FUNC_signature_set_ctx_params_fn dsa_sigalg_set_ctx_params; |
63 | | static OSSL_FUNC_signature_settable_ctx_params_fn dsa_sigalg_settable_ctx_params; |
64 | | |
65 | | /* |
66 | | * What's passed as an actual key is defined by the KEYMGMT interface. |
67 | | * We happen to know that our KEYMGMT simply passes DSA structures, so |
68 | | * we use that here too. |
69 | | */ |
70 | | |
71 | | typedef struct { |
72 | | OSSL_LIB_CTX *libctx; |
73 | | char *propq; |
74 | | DSA *dsa; |
75 | | /* |operation| reuses EVP's operation bitfield */ |
76 | | int operation; |
77 | | |
78 | | /* |
79 | | * Flag to determine if a full sigalg is run (1) or if a composable |
80 | | * signature algorithm is run (0). |
81 | | * |
82 | | * When a full sigalg is run (1), this currently affects the following |
83 | | * other flags, which are to remain untouched after their initialization: |
84 | | * |
85 | | * - flag_allow_md (initialized to 0) |
86 | | */ |
87 | | unsigned int flag_sigalg : 1; |
88 | | /* |
89 | | * Flag to determine if the hash function can be changed (1) or not (0) |
90 | | * Because it's dangerous to change during a DigestSign or DigestVerify |
91 | | * operation, this flag is cleared by their Init function, and set again |
92 | | * by their Final function. |
93 | | */ |
94 | | unsigned int flag_allow_md : 1; |
95 | | |
96 | | /* If this is set to 1 then the generated k is not random */ |
97 | | unsigned int nonce_type; |
98 | | |
99 | | /* The Algorithm Identifier of the combined signature algorithm */ |
100 | | unsigned char aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE]; |
101 | | size_t aid_len; |
102 | | |
103 | | /* main digest */ |
104 | | char mdname[OSSL_MAX_NAME_SIZE]; |
105 | | EVP_MD *md; |
106 | | EVP_MD_CTX *mdctx; |
107 | | |
108 | | /* Signature, for verification */ |
109 | | unsigned char *sig; |
110 | | size_t siglen; |
111 | | |
112 | | OSSL_FIPS_IND_DECLARE |
113 | | } PROV_DSA_CTX; |
114 | | |
115 | | static size_t dsa_get_md_size(const PROV_DSA_CTX *pdsactx) |
116 | 0 | { |
117 | 0 | int md_size; |
118 | |
|
119 | 0 | if (pdsactx->md != NULL) { |
120 | 0 | md_size = EVP_MD_get_size(pdsactx->md); |
121 | 0 | if (md_size <= 0) |
122 | 0 | return 0; |
123 | 0 | return (size_t)md_size; |
124 | 0 | } |
125 | 0 | return 0; |
126 | 0 | } |
127 | | |
128 | | static void *dsa_newctx(void *provctx, const char *propq) |
129 | 0 | { |
130 | 0 | PROV_DSA_CTX *pdsactx; |
131 | |
|
132 | 0 | if (!ossl_prov_is_running()) |
133 | 0 | return NULL; |
134 | | |
135 | 0 | pdsactx = OPENSSL_zalloc(sizeof(PROV_DSA_CTX)); |
136 | 0 | if (pdsactx == NULL) |
137 | 0 | return NULL; |
138 | | |
139 | 0 | pdsactx->libctx = PROV_LIBCTX_OF(provctx); |
140 | 0 | pdsactx->flag_allow_md = 1; |
141 | 0 | OSSL_FIPS_IND_INIT(pdsactx) |
142 | 0 | if (propq != NULL && (pdsactx->propq = OPENSSL_strdup(propq)) == NULL) { |
143 | 0 | OPENSSL_free(pdsactx); |
144 | 0 | pdsactx = NULL; |
145 | 0 | } |
146 | 0 | return pdsactx; |
147 | 0 | } |
148 | | |
149 | | static int dsa_setup_md(PROV_DSA_CTX *ctx, |
150 | | const char *mdname, const char *mdprops, |
151 | | const char *desc) |
152 | 0 | { |
153 | 0 | EVP_MD *md = NULL; |
154 | |
|
155 | 0 | if (mdprops == NULL) |
156 | 0 | mdprops = ctx->propq; |
157 | |
|
158 | 0 | if (mdname != NULL) { |
159 | 0 | WPACKET pkt; |
160 | 0 | int md_nid; |
161 | 0 | size_t mdname_len = strlen(mdname); |
162 | 0 | unsigned char *aid = NULL; |
163 | |
|
164 | 0 | md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); |
165 | 0 | md_nid = ossl_digest_get_approved_nid(md); |
166 | |
|
167 | 0 | if (md == NULL || md_nid < 0) { |
168 | 0 | if (md == NULL) |
169 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, |
170 | 0 | "%s could not be fetched", mdname); |
171 | 0 | if (md_nid == NID_undef) |
172 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, |
173 | 0 | "digest=%s", mdname); |
174 | 0 | if (mdname_len >= sizeof(ctx->mdname)) |
175 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, |
176 | 0 | "%s exceeds name buffer length", mdname); |
177 | 0 | goto err; |
178 | 0 | } |
179 | | /* XOF digests don't work */ |
180 | 0 | if (EVP_MD_xof(md)) { |
181 | 0 | ERR_raise(ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED); |
182 | 0 | goto err; |
183 | 0 | } |
184 | | #ifdef FIPS_MODULE |
185 | | { |
186 | | int sha1_allowed |
187 | | = ((ctx->operation |
188 | | & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) == 0); |
189 | | |
190 | | if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx), |
191 | | OSSL_FIPS_IND_SETTABLE1, |
192 | | ctx->libctx, |
193 | | md_nid, sha1_allowed, desc, |
194 | | ossl_fips_config_signature_digest_check)) |
195 | | goto err; |
196 | | } |
197 | | #endif |
198 | | |
199 | 0 | if (!ctx->flag_allow_md) { |
200 | 0 | if (ctx->mdname[0] != '\0' |
201 | 0 | && !EVP_MD_is_a(md, ctx->mdname)) { |
202 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, |
203 | 0 | "digest %s != %s", mdname, ctx->mdname); |
204 | 0 | goto err; |
205 | 0 | } |
206 | 0 | EVP_MD_free(md); |
207 | 0 | return 1; |
208 | 0 | } |
209 | | |
210 | 0 | EVP_MD_CTX_free(ctx->mdctx); |
211 | 0 | EVP_MD_free(ctx->md); |
212 | | |
213 | | /* |
214 | | * We do not care about DER writing errors. |
215 | | * All it really means is that for some reason, there's no |
216 | | * AlgorithmIdentifier to be had, but the operation itself is |
217 | | * still valid, just as long as it's not used to construct |
218 | | * anything that needs an AlgorithmIdentifier. |
219 | | */ |
220 | 0 | ctx->aid_len = 0; |
221 | 0 | if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf)) |
222 | 0 | && ossl_DER_w_algorithmIdentifier_DSA_with_MD(&pkt, -1, ctx->dsa, |
223 | 0 | md_nid) |
224 | 0 | && WPACKET_finish(&pkt)) { |
225 | 0 | WPACKET_get_total_written(&pkt, &ctx->aid_len); |
226 | 0 | aid = WPACKET_get_curr(&pkt); |
227 | 0 | } |
228 | 0 | WPACKET_cleanup(&pkt); |
229 | 0 | if (aid != NULL && ctx->aid_len != 0) |
230 | 0 | memmove(ctx->aid_buf, aid, ctx->aid_len); |
231 | |
|
232 | 0 | ctx->mdctx = NULL; |
233 | 0 | ctx->md = md; |
234 | 0 | OPENSSL_strlcpy(ctx->mdname, mdname, sizeof(ctx->mdname)); |
235 | 0 | } |
236 | | |
237 | 0 | return 1; |
238 | 0 | err: |
239 | 0 | EVP_MD_free(md); |
240 | 0 | return 0; |
241 | 0 | } |
242 | | |
243 | | #ifdef FIPS_MODULE |
244 | | |
245 | | static int dsa_sign_check_approved(PROV_DSA_CTX *ctx, int signing, |
246 | | const char *desc) |
247 | | { |
248 | | /* DSA Signing is not approved in FIPS 140-3 */ |
249 | | if (signing |
250 | | && !OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE2, |
251 | | ctx->libctx, desc, "DSA", |
252 | | ossl_fips_config_dsa_sign_disallowed)) |
253 | | return 0; |
254 | | return 1; |
255 | | } |
256 | | |
257 | | static int dsa_check_key(PROV_DSA_CTX *ctx, int sign, const char *desc) |
258 | | { |
259 | | int approved = ossl_dsa_check_key(ctx->dsa, sign); |
260 | | |
261 | | if (!approved) { |
262 | | if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0, |
263 | | ctx->libctx, desc, "DSA Key", |
264 | | ossl_fips_config_signature_digest_check)) { |
265 | | ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); |
266 | | return 0; |
267 | | } |
268 | | } |
269 | | return 1; |
270 | | } |
271 | | #endif |
272 | | |
273 | | static int |
274 | | dsa_signverify_init(void *vpdsactx, void *vdsa, |
275 | | OSSL_FUNC_signature_set_ctx_params_fn *set_ctx_params, |
276 | | const OSSL_PARAM params[], int operation, |
277 | | const char *desc) |
278 | 0 | { |
279 | 0 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
280 | |
|
281 | 0 | if (!ossl_prov_is_running() |
282 | 0 | || pdsactx == NULL) |
283 | 0 | return 0; |
284 | | |
285 | 0 | if (vdsa == NULL && pdsactx->dsa == NULL) { |
286 | 0 | ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET); |
287 | 0 | return 0; |
288 | 0 | } |
289 | | |
290 | 0 | if (vdsa != NULL) { |
291 | 0 | if (!DSA_up_ref(vdsa)) |
292 | 0 | return 0; |
293 | 0 | DSA_free(pdsactx->dsa); |
294 | 0 | pdsactx->dsa = vdsa; |
295 | 0 | } |
296 | | |
297 | 0 | pdsactx->operation = operation; |
298 | |
|
299 | 0 | OSSL_FIPS_IND_SET_APPROVED(pdsactx) |
300 | 0 | if (!set_ctx_params(pdsactx, params)) |
301 | 0 | return 0; |
302 | | #ifdef FIPS_MODULE |
303 | | { |
304 | | int operation_is_sign |
305 | | = (operation & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) != 0; |
306 | | |
307 | | if (!dsa_sign_check_approved(pdsactx, operation_is_sign, desc)) |
308 | | return 0; |
309 | | if (!dsa_check_key(pdsactx, operation_is_sign, desc)) |
310 | | return 0; |
311 | | } |
312 | | #endif |
313 | 0 | return 1; |
314 | 0 | } |
315 | | |
316 | | static int dsa_sign_init(void *vpdsactx, void *vdsa, const OSSL_PARAM params[]) |
317 | 0 | { |
318 | 0 | return dsa_signverify_init(vpdsactx, vdsa, dsa_set_ctx_params, params, |
319 | 0 | EVP_PKEY_OP_SIGN, "DSA Sign Init"); |
320 | 0 | } |
321 | | |
322 | | /* |
323 | | * Sign tbs without digesting it first. This is suitable for "primitive" |
324 | | * signing and signing the digest of a message, i.e. should be used with |
325 | | * implementations of the keytype related algorithms. |
326 | | */ |
327 | | static int dsa_sign_directly(void *vpdsactx, |
328 | | unsigned char *sig, size_t *siglen, size_t sigsize, |
329 | | const unsigned char *tbs, size_t tbslen) |
330 | 0 | { |
331 | 0 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
332 | 0 | int ret; |
333 | 0 | unsigned int sltmp; |
334 | 0 | size_t dsasize = DSA_size(pdsactx->dsa); |
335 | 0 | size_t mdsize = dsa_get_md_size(pdsactx); |
336 | |
|
337 | 0 | if (!ossl_prov_is_running()) |
338 | 0 | return 0; |
339 | | |
340 | | #ifdef FIPS_MODULE |
341 | | if (!dsa_sign_check_approved(pdsactx, 1, "Sign")) |
342 | | return 0; |
343 | | #endif |
344 | | |
345 | 0 | if (sig == NULL) { |
346 | 0 | *siglen = dsasize; |
347 | 0 | return 1; |
348 | 0 | } |
349 | | |
350 | 0 | if (sigsize < dsasize) |
351 | 0 | return 0; |
352 | | |
353 | 0 | if (mdsize != 0 && tbslen != mdsize) |
354 | 0 | return 0; |
355 | | |
356 | 0 | ret = ossl_dsa_sign_int(0, tbs, tbslen, sig, &sltmp, pdsactx->dsa, |
357 | 0 | pdsactx->nonce_type, pdsactx->mdname, |
358 | 0 | pdsactx->libctx, pdsactx->propq); |
359 | 0 | if (ret <= 0) |
360 | 0 | return 0; |
361 | | |
362 | 0 | *siglen = sltmp; |
363 | 0 | return 1; |
364 | 0 | } |
365 | | |
366 | | static int dsa_signverify_message_update(void *vpdsactx, |
367 | | const unsigned char *data, |
368 | | size_t datalen) |
369 | 0 | { |
370 | 0 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
371 | |
|
372 | 0 | if (pdsactx == NULL) |
373 | 0 | return 0; |
374 | | |
375 | 0 | return EVP_DigestUpdate(pdsactx->mdctx, data, datalen); |
376 | 0 | } |
377 | | |
378 | | static int dsa_sign_message_final(void *vpdsactx, unsigned char *sig, |
379 | | size_t *siglen, size_t sigsize) |
380 | 0 | { |
381 | 0 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
382 | 0 | unsigned char digest[EVP_MAX_MD_SIZE]; |
383 | 0 | unsigned int dlen = 0; |
384 | |
|
385 | 0 | if (!ossl_prov_is_running() || pdsactx == NULL || pdsactx->mdctx == NULL) |
386 | 0 | return 0; |
387 | | /* |
388 | | * If sig is NULL then we're just finding out the sig size. Other fields |
389 | | * are ignored. Defer to dsa_sign. |
390 | | */ |
391 | 0 | if (sig != NULL) { |
392 | | /* |
393 | | * When this function is used through dsa_digest_sign_final(), |
394 | | * there is the possibility that some externally provided digests |
395 | | * exceed EVP_MAX_MD_SIZE. We should probably handle that |
396 | | * somehow but that problem is much larger than just in DSA. |
397 | | */ |
398 | 0 | if (!EVP_DigestFinal_ex(pdsactx->mdctx, digest, &dlen)) |
399 | 0 | return 0; |
400 | 0 | } |
401 | | |
402 | 0 | return dsa_sign_directly(vpdsactx, sig, siglen, sigsize, digest, dlen); |
403 | 0 | } |
404 | | |
405 | | /* |
406 | | * If signing a message, digest tbs and sign the result. |
407 | | * Otherwise, sign tbs directly. |
408 | | */ |
409 | | static int dsa_sign(void *vpdsactx, unsigned char *sig, size_t *siglen, |
410 | | size_t sigsize, const unsigned char *tbs, size_t tbslen) |
411 | 0 | { |
412 | 0 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
413 | |
|
414 | 0 | if (pdsactx->operation == EVP_PKEY_OP_SIGNMSG) { |
415 | | /* |
416 | | * If |sig| is NULL, the caller is only looking for the sig length. |
417 | | * DO NOT update the input in this case. |
418 | | */ |
419 | 0 | if (sig == NULL) |
420 | 0 | return dsa_sign_message_final(pdsactx, sig, siglen, sigsize); |
421 | | |
422 | 0 | if (dsa_signverify_message_update(pdsactx, tbs, tbslen) <= 0) |
423 | 0 | return 0; |
424 | 0 | return dsa_sign_message_final(pdsactx, sig, siglen, sigsize); |
425 | 0 | } |
426 | 0 | return dsa_sign_directly(pdsactx, sig, siglen, sigsize, tbs, tbslen); |
427 | 0 | } |
428 | | |
429 | | static int dsa_verify_init(void *vpdsactx, void *vdsa, |
430 | | const OSSL_PARAM params[]) |
431 | 0 | { |
432 | 0 | return dsa_signverify_init(vpdsactx, vdsa, dsa_set_ctx_params, params, |
433 | 0 | EVP_PKEY_OP_VERIFY, "DSA Verify Init"); |
434 | 0 | } |
435 | | |
436 | | static int dsa_verify_directly(void *vpdsactx, |
437 | | const unsigned char *sig, size_t siglen, |
438 | | const unsigned char *tbs, size_t tbslen) |
439 | 0 | { |
440 | 0 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
441 | 0 | size_t mdsize = dsa_get_md_size(pdsactx); |
442 | |
|
443 | 0 | if (!ossl_prov_is_running() || (mdsize != 0 && tbslen != mdsize)) |
444 | 0 | return 0; |
445 | | |
446 | 0 | return DSA_verify(0, tbs, tbslen, sig, siglen, pdsactx->dsa); |
447 | 0 | } |
448 | | |
449 | | static int dsa_verify_set_sig(void *vpdsactx, |
450 | | const unsigned char *sig, size_t siglen) |
451 | 0 | { |
452 | 0 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
453 | 0 | OSSL_PARAM params[2]; |
454 | |
|
455 | 0 | params[0] = |
456 | 0 | OSSL_PARAM_construct_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE, |
457 | 0 | (unsigned char *)sig, siglen); |
458 | 0 | params[1] = OSSL_PARAM_construct_end(); |
459 | 0 | return dsa_sigalg_set_ctx_params(pdsactx, params); |
460 | 0 | } |
461 | | |
462 | | static int dsa_verify_message_final(void *vpdsactx) |
463 | 0 | { |
464 | 0 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
465 | 0 | unsigned char digest[EVP_MAX_MD_SIZE]; |
466 | 0 | unsigned int dlen = 0; |
467 | |
|
468 | 0 | if (!ossl_prov_is_running()) |
469 | 0 | return 0; |
470 | | |
471 | 0 | if (pdsactx == NULL || pdsactx->mdctx == NULL) |
472 | 0 | return 0; |
473 | | |
474 | | /* |
475 | | * The digests used here are all known (see dsa_get_md_nid()), so they |
476 | | * should not exceed the internal buffer size of EVP_MAX_MD_SIZE. |
477 | | */ |
478 | 0 | if (!EVP_DigestFinal_ex(pdsactx->mdctx, digest, &dlen)) |
479 | 0 | return 0; |
480 | | |
481 | 0 | return dsa_verify_directly(vpdsactx, pdsactx->sig, pdsactx->siglen, |
482 | 0 | digest, dlen); |
483 | 0 | } |
484 | | |
485 | | /* |
486 | | * If verifying a message, digest tbs and verify the result. |
487 | | * Otherwise, verify tbs directly. |
488 | | */ |
489 | | static int dsa_verify(void *vpdsactx, |
490 | | const unsigned char *sig, size_t siglen, |
491 | | const unsigned char *tbs, size_t tbslen) |
492 | 0 | { |
493 | 0 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
494 | |
|
495 | 0 | if (pdsactx->operation == EVP_PKEY_OP_VERIFYMSG) { |
496 | 0 | if (dsa_verify_set_sig(pdsactx, sig, siglen) <= 0) |
497 | 0 | return 0; |
498 | 0 | if (dsa_signverify_message_update(pdsactx, tbs, tbslen) <= 0) |
499 | 0 | return 0; |
500 | 0 | return dsa_verify_message_final(pdsactx); |
501 | 0 | } |
502 | 0 | return dsa_verify_directly(pdsactx, sig, siglen, tbs, tbslen); |
503 | 0 | } |
504 | | |
505 | | /* DigestSign/DigestVerify wrappers */ |
506 | | |
507 | | static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname, |
508 | | void *vdsa, const OSSL_PARAM params[], |
509 | | int operation, const char *desc) |
510 | 0 | { |
511 | 0 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
512 | |
|
513 | 0 | if (!ossl_prov_is_running()) |
514 | 0 | return 0; |
515 | | |
516 | 0 | if (!dsa_signverify_init(vpdsactx, vdsa, dsa_set_ctx_params, params, |
517 | 0 | operation, desc)) |
518 | 0 | return 0; |
519 | | |
520 | 0 | if (mdname != NULL |
521 | | /* was dsa_setup_md already called in dsa_signverify_init()? */ |
522 | 0 | && (mdname[0] == '\0' || OPENSSL_strcasecmp(pdsactx->mdname, mdname) != 0) |
523 | 0 | && !dsa_setup_md(pdsactx, mdname, NULL, desc)) |
524 | 0 | return 0; |
525 | | |
526 | 0 | pdsactx->flag_allow_md = 0; |
527 | |
|
528 | 0 | if (pdsactx->mdctx == NULL) { |
529 | 0 | pdsactx->mdctx = EVP_MD_CTX_new(); |
530 | 0 | if (pdsactx->mdctx == NULL) |
531 | 0 | goto error; |
532 | 0 | } |
533 | | |
534 | 0 | if (!EVP_DigestInit_ex2(pdsactx->mdctx, pdsactx->md, params)) |
535 | 0 | goto error; |
536 | | |
537 | 0 | return 1; |
538 | | |
539 | 0 | error: |
540 | 0 | EVP_MD_CTX_free(pdsactx->mdctx); |
541 | 0 | pdsactx->mdctx = NULL; |
542 | 0 | return 0; |
543 | 0 | } |
544 | | |
545 | | static int dsa_digest_sign_init(void *vpdsactx, const char *mdname, |
546 | | void *vdsa, const OSSL_PARAM params[]) |
547 | 0 | { |
548 | 0 | return dsa_digest_signverify_init(vpdsactx, mdname, vdsa, params, |
549 | 0 | EVP_PKEY_OP_SIGNMSG, |
550 | 0 | "DSA Digest Sign Init"); |
551 | 0 | } |
552 | | |
553 | | static int dsa_digest_signverify_update(void *vpdsactx, const unsigned char *data, |
554 | | size_t datalen) |
555 | 0 | { |
556 | 0 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
557 | |
|
558 | 0 | if (pdsactx == NULL) |
559 | 0 | return 0; |
560 | | /* Sigalg implementations shouldn't do digest_sign */ |
561 | 0 | if (pdsactx->flag_sigalg) |
562 | 0 | return 0; |
563 | | |
564 | 0 | return dsa_signverify_message_update(vpdsactx, data, datalen); |
565 | 0 | } |
566 | | |
567 | | static int dsa_digest_sign_final(void *vpdsactx, unsigned char *sig, |
568 | | size_t *siglen, size_t sigsize) |
569 | 0 | { |
570 | 0 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
571 | 0 | int ok = 0; |
572 | |
|
573 | 0 | if (pdsactx == NULL) |
574 | 0 | return 0; |
575 | | /* Sigalg implementations shouldn't do digest_sign */ |
576 | 0 | if (pdsactx->flag_sigalg) |
577 | 0 | return 0; |
578 | | |
579 | 0 | ok = dsa_sign_message_final(pdsactx, sig, siglen, sigsize); |
580 | |
|
581 | 0 | pdsactx->flag_allow_md = 1; |
582 | |
|
583 | 0 | return ok; |
584 | 0 | } |
585 | | |
586 | | static int dsa_digest_verify_init(void *vpdsactx, const char *mdname, |
587 | | void *vdsa, const OSSL_PARAM params[]) |
588 | 0 | { |
589 | 0 | return dsa_digest_signverify_init(vpdsactx, mdname, vdsa, params, |
590 | 0 | EVP_PKEY_OP_VERIFYMSG, |
591 | 0 | "DSA Digest Verify Init"); |
592 | 0 | } |
593 | | |
594 | | int dsa_digest_verify_final(void *vpdsactx, const unsigned char *sig, |
595 | | size_t siglen) |
596 | 0 | { |
597 | 0 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
598 | 0 | int ok = 0; |
599 | |
|
600 | 0 | if (pdsactx == NULL) |
601 | 0 | return 0; |
602 | | /* Sigalg implementations shouldn't do digest_verify */ |
603 | 0 | if (pdsactx->flag_sigalg) |
604 | 0 | return 0; |
605 | | |
606 | 0 | if (dsa_verify_set_sig(pdsactx, sig, siglen)) |
607 | 0 | ok = dsa_verify_message_final(vpdsactx); |
608 | |
|
609 | 0 | pdsactx->flag_allow_md = 1; |
610 | |
|
611 | 0 | return ok; |
612 | 0 | } |
613 | | |
614 | | static void dsa_freectx(void *vpdsactx) |
615 | 0 | { |
616 | 0 | PROV_DSA_CTX *ctx = (PROV_DSA_CTX *)vpdsactx; |
617 | |
|
618 | 0 | EVP_MD_CTX_free(ctx->mdctx); |
619 | 0 | EVP_MD_free(ctx->md); |
620 | 0 | OPENSSL_free(ctx->sig); |
621 | 0 | OPENSSL_free(ctx->propq); |
622 | 0 | DSA_free(ctx->dsa); |
623 | 0 | OPENSSL_free(ctx); |
624 | 0 | } |
625 | | |
626 | | static void *dsa_dupctx(void *vpdsactx) |
627 | 0 | { |
628 | 0 | PROV_DSA_CTX *srcctx = (PROV_DSA_CTX *)vpdsactx; |
629 | 0 | PROV_DSA_CTX *dstctx; |
630 | |
|
631 | 0 | if (!ossl_prov_is_running()) |
632 | 0 | return NULL; |
633 | | |
634 | 0 | dstctx = OPENSSL_zalloc(sizeof(*srcctx)); |
635 | 0 | if (dstctx == NULL) |
636 | 0 | return NULL; |
637 | | |
638 | 0 | *dstctx = *srcctx; |
639 | 0 | dstctx->dsa = NULL; |
640 | 0 | dstctx->propq = NULL; |
641 | |
|
642 | 0 | if (srcctx->dsa != NULL && !DSA_up_ref(srcctx->dsa)) |
643 | 0 | goto err; |
644 | 0 | dstctx->dsa = srcctx->dsa; |
645 | |
|
646 | 0 | if (srcctx->md != NULL && !EVP_MD_up_ref(srcctx->md)) |
647 | 0 | goto err; |
648 | 0 | dstctx->md = srcctx->md; |
649 | |
|
650 | 0 | if (srcctx->mdctx != NULL) { |
651 | 0 | dstctx->mdctx = EVP_MD_CTX_new(); |
652 | 0 | if (dstctx->mdctx == NULL |
653 | 0 | || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx)) |
654 | 0 | goto err; |
655 | 0 | } |
656 | | |
657 | 0 | if (srcctx->propq != NULL) { |
658 | 0 | dstctx->propq = OPENSSL_strdup(srcctx->propq); |
659 | 0 | if (dstctx->propq == NULL) |
660 | 0 | goto err; |
661 | 0 | } |
662 | | |
663 | 0 | return dstctx; |
664 | 0 | err: |
665 | 0 | dsa_freectx(dstctx); |
666 | 0 | return NULL; |
667 | 0 | } |
668 | | |
669 | | static int dsa_get_ctx_params(void *vpdsactx, OSSL_PARAM *params) |
670 | 0 | { |
671 | 0 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
672 | 0 | OSSL_PARAM *p; |
673 | |
|
674 | 0 | if (pdsactx == NULL) |
675 | 0 | return 0; |
676 | | |
677 | 0 | p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID); |
678 | 0 | if (p != NULL |
679 | 0 | && !OSSL_PARAM_set_octet_string(p, |
680 | 0 | pdsactx->aid_len == 0 ? NULL : pdsactx->aid_buf, |
681 | 0 | pdsactx->aid_len)) |
682 | 0 | return 0; |
683 | | |
684 | 0 | p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST); |
685 | 0 | if (p != NULL && !OSSL_PARAM_set_utf8_string(p, pdsactx->mdname)) |
686 | 0 | return 0; |
687 | | |
688 | 0 | p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_NONCE_TYPE); |
689 | 0 | if (p != NULL && !OSSL_PARAM_set_uint(p, pdsactx->nonce_type)) |
690 | 0 | return 0; |
691 | 0 | if (!OSSL_FIPS_IND_GET_CTX_PARAM(pdsactx, params)) |
692 | 0 | return 0; |
693 | | |
694 | 0 | return 1; |
695 | 0 | } |
696 | | |
697 | | static const OSSL_PARAM known_gettable_ctx_params[] = { |
698 | | OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0), |
699 | | OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), |
700 | | OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL), |
701 | | OSSL_FIPS_IND_GETTABLE_CTX_PARAM() |
702 | | OSSL_PARAM_END |
703 | | }; |
704 | | |
705 | | static const OSSL_PARAM *dsa_gettable_ctx_params(ossl_unused void *ctx, |
706 | | ossl_unused void *provctx) |
707 | 0 | { |
708 | 0 | return known_gettable_ctx_params; |
709 | 0 | } |
710 | | |
711 | | /** |
712 | | * @brief Setup common params for dsa_set_ctx_params and dsa_sigalg_set_ctx_params |
713 | | * The caller is responsible for checking |vpdsactx| is not NULL and |params| |
714 | | * is not empty. |
715 | | */ |
716 | | static int dsa_common_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[]) |
717 | 0 | { |
718 | 0 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
719 | 0 | const OSSL_PARAM *p; |
720 | |
|
721 | 0 | if (!OSSL_FIPS_IND_SET_CTX_PARAM(pdsactx, OSSL_FIPS_IND_SETTABLE0, params, |
722 | 0 | OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK)) |
723 | 0 | return 0; |
724 | 0 | if (!OSSL_FIPS_IND_SET_CTX_PARAM(pdsactx, OSSL_FIPS_IND_SETTABLE1, params, |
725 | 0 | OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK)) |
726 | 0 | return 0; |
727 | 0 | if (!OSSL_FIPS_IND_SET_CTX_PARAM(pdsactx, OSSL_FIPS_IND_SETTABLE2, params, |
728 | 0 | OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK)) |
729 | 0 | return 0; |
730 | | |
731 | 0 | p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_NONCE_TYPE); |
732 | 0 | if (p != NULL |
733 | 0 | && !OSSL_PARAM_get_uint(p, &pdsactx->nonce_type)) |
734 | 0 | return 0; |
735 | 0 | return 1; |
736 | 0 | } |
737 | | |
738 | | #define DSA_COMMON_SETTABLE_CTX_PARAMS \ |
739 | | OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL), \ |
740 | | OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK) \ |
741 | | OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK) \ |
742 | | OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK) \ |
743 | | OSSL_PARAM_END |
744 | | |
745 | | static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[]) |
746 | 0 | { |
747 | 0 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
748 | 0 | const OSSL_PARAM *p; |
749 | 0 | int ret; |
750 | |
|
751 | 0 | if (pdsactx == NULL) |
752 | 0 | return 0; |
753 | 0 | if (ossl_param_is_empty(params)) |
754 | 0 | return 1; |
755 | | |
756 | 0 | if ((ret = dsa_common_set_ctx_params(pdsactx, params)) <= 0) |
757 | 0 | return ret; |
758 | | |
759 | 0 | p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST); |
760 | 0 | if (p != NULL) { |
761 | 0 | char mdname[OSSL_MAX_NAME_SIZE] = "", *pmdname = mdname; |
762 | 0 | char mdprops[OSSL_MAX_PROPQUERY_SIZE] = "", *pmdprops = mdprops; |
763 | 0 | const OSSL_PARAM *propsp = |
764 | 0 | OSSL_PARAM_locate_const(params, |
765 | 0 | OSSL_SIGNATURE_PARAM_PROPERTIES); |
766 | |
|
767 | 0 | if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname))) |
768 | 0 | return 0; |
769 | 0 | if (propsp != NULL |
770 | 0 | && !OSSL_PARAM_get_utf8_string(propsp, &pmdprops, sizeof(mdprops))) |
771 | 0 | return 0; |
772 | 0 | if (!dsa_setup_md(pdsactx, mdname, mdprops, "DSA Set Ctx")) |
773 | 0 | return 0; |
774 | 0 | } |
775 | 0 | return 1; |
776 | 0 | } |
777 | | |
778 | | static const OSSL_PARAM settable_ctx_params[] = { |
779 | | OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), |
780 | | OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0), |
781 | | DSA_COMMON_SETTABLE_CTX_PARAMS |
782 | | }; |
783 | | |
784 | | static const OSSL_PARAM settable_ctx_params_no_digest[] = { |
785 | | OSSL_PARAM_END |
786 | | }; |
787 | | |
788 | | static const OSSL_PARAM *dsa_settable_ctx_params(void *vpdsactx, |
789 | | ossl_unused void *provctx) |
790 | 0 | { |
791 | 0 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
792 | |
|
793 | 0 | if (pdsactx != NULL && !pdsactx->flag_allow_md) |
794 | 0 | return settable_ctx_params_no_digest; |
795 | 0 | return settable_ctx_params; |
796 | 0 | } |
797 | | |
798 | | static int dsa_get_ctx_md_params(void *vpdsactx, OSSL_PARAM *params) |
799 | 0 | { |
800 | 0 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
801 | |
|
802 | 0 | if (pdsactx->mdctx == NULL) |
803 | 0 | return 0; |
804 | | |
805 | 0 | return EVP_MD_CTX_get_params(pdsactx->mdctx, params); |
806 | 0 | } |
807 | | |
808 | | static const OSSL_PARAM *dsa_gettable_ctx_md_params(void *vpdsactx) |
809 | 0 | { |
810 | 0 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
811 | |
|
812 | 0 | if (pdsactx->md == NULL) |
813 | 0 | return 0; |
814 | | |
815 | 0 | return EVP_MD_gettable_ctx_params(pdsactx->md); |
816 | 0 | } |
817 | | |
818 | | static int dsa_set_ctx_md_params(void *vpdsactx, const OSSL_PARAM params[]) |
819 | 0 | { |
820 | 0 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
821 | |
|
822 | 0 | if (pdsactx->mdctx == NULL) |
823 | 0 | return 0; |
824 | | |
825 | 0 | return EVP_MD_CTX_set_params(pdsactx->mdctx, params); |
826 | 0 | } |
827 | | |
828 | | static const OSSL_PARAM *dsa_settable_ctx_md_params(void *vpdsactx) |
829 | 0 | { |
830 | 0 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
831 | |
|
832 | 0 | if (pdsactx->md == NULL) |
833 | 0 | return 0; |
834 | | |
835 | 0 | return EVP_MD_settable_ctx_params(pdsactx->md); |
836 | 0 | } |
837 | | |
838 | | const OSSL_DISPATCH ossl_dsa_signature_functions[] = { |
839 | | { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))dsa_newctx }, |
840 | | { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))dsa_sign_init }, |
841 | | { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))dsa_sign }, |
842 | | { OSSL_FUNC_SIGNATURE_VERIFY_INIT, (void (*)(void))dsa_verify_init }, |
843 | | { OSSL_FUNC_SIGNATURE_VERIFY, (void (*)(void))dsa_verify }, |
844 | | { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, |
845 | | (void (*)(void))dsa_digest_sign_init }, |
846 | | { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, |
847 | | (void (*)(void))dsa_digest_signverify_update }, |
848 | | { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, |
849 | | (void (*)(void))dsa_digest_sign_final }, |
850 | | { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, |
851 | | (void (*)(void))dsa_digest_verify_init }, |
852 | | { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, |
853 | | (void (*)(void))dsa_digest_signverify_update }, |
854 | | { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, |
855 | | (void (*)(void))dsa_digest_verify_final }, |
856 | | { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))dsa_freectx }, |
857 | | { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))dsa_dupctx }, |
858 | | { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))dsa_get_ctx_params }, |
859 | | { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, |
860 | | (void (*)(void))dsa_gettable_ctx_params }, |
861 | | { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))dsa_set_ctx_params }, |
862 | | { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, |
863 | | (void (*)(void))dsa_settable_ctx_params }, |
864 | | { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, |
865 | | (void (*)(void))dsa_get_ctx_md_params }, |
866 | | { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, |
867 | | (void (*)(void))dsa_gettable_ctx_md_params }, |
868 | | { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, |
869 | | (void (*)(void))dsa_set_ctx_md_params }, |
870 | | { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, |
871 | | (void (*)(void))dsa_settable_ctx_md_params }, |
872 | | OSSL_DISPATCH_END |
873 | | }; |
874 | | |
875 | | /* ------------------------------------------------------------------ */ |
876 | | |
877 | | /* |
878 | | * So called sigalgs (composite DSA+hash) implemented below. They |
879 | | * are pretty much hard coded. |
880 | | */ |
881 | | |
882 | | static OSSL_FUNC_signature_query_key_types_fn dsa_sigalg_query_key_types; |
883 | | static OSSL_FUNC_signature_settable_ctx_params_fn dsa_sigalg_settable_ctx_params; |
884 | | static OSSL_FUNC_signature_set_ctx_params_fn dsa_sigalg_set_ctx_params; |
885 | | |
886 | | /* |
887 | | * dsa_sigalg_signverify_init() is almost like dsa_digest_signverify_init(), |
888 | | * just doesn't allow fetching an MD from whatever the user chooses. |
889 | | */ |
890 | | static int dsa_sigalg_signverify_init(void *vpdsactx, void *vdsa, |
891 | | OSSL_FUNC_signature_set_ctx_params_fn *set_ctx_params, |
892 | | const OSSL_PARAM params[], |
893 | | const char *mdname, |
894 | | int operation, const char *desc) |
895 | 0 | { |
896 | 0 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
897 | |
|
898 | 0 | if (!ossl_prov_is_running()) |
899 | 0 | return 0; |
900 | | |
901 | 0 | if (!dsa_signverify_init(vpdsactx, vdsa, set_ctx_params, params, operation, |
902 | 0 | desc)) |
903 | 0 | return 0; |
904 | | |
905 | 0 | if (!dsa_setup_md(pdsactx, mdname, NULL, desc)) |
906 | 0 | return 0; |
907 | | |
908 | 0 | pdsactx->flag_sigalg = 1; |
909 | 0 | pdsactx->flag_allow_md = 0; |
910 | |
|
911 | 0 | if (pdsactx->mdctx == NULL) { |
912 | 0 | pdsactx->mdctx = EVP_MD_CTX_new(); |
913 | 0 | if (pdsactx->mdctx == NULL) |
914 | 0 | goto error; |
915 | 0 | } |
916 | | |
917 | 0 | if (!EVP_DigestInit_ex2(pdsactx->mdctx, pdsactx->md, params)) |
918 | 0 | goto error; |
919 | | |
920 | 0 | return 1; |
921 | | |
922 | 0 | error: |
923 | 0 | EVP_MD_CTX_free(pdsactx->mdctx); |
924 | 0 | pdsactx->mdctx = NULL; |
925 | 0 | return 0; |
926 | 0 | } |
927 | | |
928 | | static const char **dsa_sigalg_query_key_types(void) |
929 | 0 | { |
930 | 0 | static const char *keytypes[] = { "DSA", NULL }; |
931 | |
|
932 | 0 | return keytypes; |
933 | 0 | } |
934 | | |
935 | | static const OSSL_PARAM settable_sigalg_ctx_params[] = { |
936 | | OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE, NULL, 0), |
937 | | DSA_COMMON_SETTABLE_CTX_PARAMS |
938 | | }; |
939 | | |
940 | | static const OSSL_PARAM *dsa_sigalg_settable_ctx_params(void *vpdsactx, |
941 | | ossl_unused void *provctx) |
942 | 0 | { |
943 | 0 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
944 | |
|
945 | 0 | if (pdsactx != NULL && pdsactx->operation == EVP_PKEY_OP_VERIFYMSG) |
946 | 0 | return settable_sigalg_ctx_params; |
947 | 0 | return NULL; |
948 | 0 | } |
949 | | |
950 | | static int dsa_sigalg_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[]) |
951 | 0 | { |
952 | 0 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
953 | 0 | const OSSL_PARAM *p; |
954 | 0 | int ret; |
955 | |
|
956 | 0 | if (pdsactx == NULL) |
957 | 0 | return 0; |
958 | 0 | if (ossl_param_is_empty(params)) |
959 | 0 | return 1; |
960 | | |
961 | 0 | if ((ret = dsa_common_set_ctx_params(pdsactx, params)) <= 0) |
962 | 0 | return ret; |
963 | | |
964 | 0 | if (pdsactx->operation == EVP_PKEY_OP_VERIFYMSG) { |
965 | 0 | p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_SIGNATURE); |
966 | 0 | if (p != NULL) { |
967 | 0 | OPENSSL_free(pdsactx->sig); |
968 | 0 | pdsactx->sig = NULL; |
969 | 0 | pdsactx->siglen = 0; |
970 | 0 | if (!OSSL_PARAM_get_octet_string(p, (void **)&pdsactx->sig, |
971 | 0 | 0, &pdsactx->siglen)) |
972 | 0 | return 0; |
973 | 0 | } |
974 | 0 | } |
975 | 0 | return 1; |
976 | 0 | } |
977 | | |
978 | | #define IMPL_DSA_SIGALG(md, MD) \ |
979 | | static OSSL_FUNC_signature_sign_init_fn dsa_##md##_sign_init; \ |
980 | | static OSSL_FUNC_signature_sign_message_init_fn \ |
981 | | dsa_##md##_sign_message_init; \ |
982 | | static OSSL_FUNC_signature_verify_init_fn dsa_##md##_verify_init; \ |
983 | | static OSSL_FUNC_signature_verify_message_init_fn \ |
984 | | dsa_##md##_verify_message_init; \ |
985 | | \ |
986 | | static int \ |
987 | | dsa_##md##_sign_init(void *vpdsactx, void *vdsa, \ |
988 | | const OSSL_PARAM params[]) \ |
989 | 0 | { \ |
990 | 0 | static const char desc[] = "DSA-" #MD " Sign Init"; \ |
991 | 0 | \ |
992 | 0 | return dsa_sigalg_signverify_init(vpdsactx, vdsa, \ |
993 | 0 | dsa_sigalg_set_ctx_params, \ |
994 | 0 | params, #MD, \ |
995 | 0 | EVP_PKEY_OP_SIGN, \ |
996 | 0 | desc); \ |
997 | 0 | } \ Unexecuted instantiation: dsa_sig.c:dsa_sha1_sign_init Unexecuted instantiation: dsa_sig.c:dsa_sha224_sign_init Unexecuted instantiation: dsa_sig.c:dsa_sha256_sign_init Unexecuted instantiation: dsa_sig.c:dsa_sha384_sign_init Unexecuted instantiation: dsa_sig.c:dsa_sha512_sign_init Unexecuted instantiation: dsa_sig.c:dsa_sha3_224_sign_init Unexecuted instantiation: dsa_sig.c:dsa_sha3_256_sign_init Unexecuted instantiation: dsa_sig.c:dsa_sha3_384_sign_init Unexecuted instantiation: dsa_sig.c:dsa_sha3_512_sign_init |
998 | | \ |
999 | | static int \ |
1000 | | dsa_##md##_sign_message_init(void *vpdsactx, void *vdsa, \ |
1001 | | const OSSL_PARAM params[]) \ |
1002 | 0 | { \ |
1003 | 0 | static const char desc[] = "DSA-" #MD " Sign Message Init"; \ |
1004 | 0 | \ |
1005 | 0 | return dsa_sigalg_signverify_init(vpdsactx, vdsa, \ |
1006 | 0 | dsa_sigalg_set_ctx_params, \ |
1007 | 0 | params, #MD, \ |
1008 | 0 | EVP_PKEY_OP_SIGNMSG, \ |
1009 | 0 | desc); \ |
1010 | 0 | } \ Unexecuted instantiation: dsa_sig.c:dsa_sha1_sign_message_init Unexecuted instantiation: dsa_sig.c:dsa_sha224_sign_message_init Unexecuted instantiation: dsa_sig.c:dsa_sha256_sign_message_init Unexecuted instantiation: dsa_sig.c:dsa_sha384_sign_message_init Unexecuted instantiation: dsa_sig.c:dsa_sha512_sign_message_init Unexecuted instantiation: dsa_sig.c:dsa_sha3_224_sign_message_init Unexecuted instantiation: dsa_sig.c:dsa_sha3_256_sign_message_init Unexecuted instantiation: dsa_sig.c:dsa_sha3_384_sign_message_init Unexecuted instantiation: dsa_sig.c:dsa_sha3_512_sign_message_init |
1011 | | \ |
1012 | | static int \ |
1013 | | dsa_##md##_verify_init(void *vpdsactx, void *vdsa, \ |
1014 | | const OSSL_PARAM params[]) \ |
1015 | 0 | { \ |
1016 | 0 | static const char desc[] = "DSA-" #MD " Verify Init"; \ |
1017 | 0 | \ |
1018 | 0 | return dsa_sigalg_signverify_init(vpdsactx, vdsa, \ |
1019 | 0 | dsa_sigalg_set_ctx_params, \ |
1020 | 0 | params, #MD, \ |
1021 | 0 | EVP_PKEY_OP_VERIFY, \ |
1022 | 0 | desc); \ |
1023 | 0 | } \ Unexecuted instantiation: dsa_sig.c:dsa_sha1_verify_init Unexecuted instantiation: dsa_sig.c:dsa_sha224_verify_init Unexecuted instantiation: dsa_sig.c:dsa_sha256_verify_init Unexecuted instantiation: dsa_sig.c:dsa_sha384_verify_init Unexecuted instantiation: dsa_sig.c:dsa_sha512_verify_init Unexecuted instantiation: dsa_sig.c:dsa_sha3_224_verify_init Unexecuted instantiation: dsa_sig.c:dsa_sha3_256_verify_init Unexecuted instantiation: dsa_sig.c:dsa_sha3_384_verify_init Unexecuted instantiation: dsa_sig.c:dsa_sha3_512_verify_init |
1024 | | \ |
1025 | | static int \ |
1026 | | dsa_##md##_verify_message_init(void *vpdsactx, void *vdsa, \ |
1027 | | const OSSL_PARAM params[]) \ |
1028 | 0 | { \ |
1029 | 0 | static const char desc[] = "DSA-" #MD " Verify Message Init"; \ |
1030 | 0 | \ |
1031 | 0 | return dsa_sigalg_signverify_init(vpdsactx, vdsa, \ |
1032 | 0 | dsa_sigalg_set_ctx_params, \ |
1033 | 0 | params, #MD, \ |
1034 | 0 | EVP_PKEY_OP_VERIFYMSG, \ |
1035 | 0 | desc); \ |
1036 | 0 | } \ Unexecuted instantiation: dsa_sig.c:dsa_sha1_verify_message_init Unexecuted instantiation: dsa_sig.c:dsa_sha224_verify_message_init Unexecuted instantiation: dsa_sig.c:dsa_sha256_verify_message_init Unexecuted instantiation: dsa_sig.c:dsa_sha384_verify_message_init Unexecuted instantiation: dsa_sig.c:dsa_sha512_verify_message_init Unexecuted instantiation: dsa_sig.c:dsa_sha3_224_verify_message_init Unexecuted instantiation: dsa_sig.c:dsa_sha3_256_verify_message_init Unexecuted instantiation: dsa_sig.c:dsa_sha3_384_verify_message_init Unexecuted instantiation: dsa_sig.c:dsa_sha3_512_verify_message_init |
1037 | | \ |
1038 | | const OSSL_DISPATCH ossl_dsa_##md##_signature_functions[] = { \ |
1039 | | { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))dsa_newctx }, \ |
1040 | | { OSSL_FUNC_SIGNATURE_SIGN_INIT, \ |
1041 | | (void (*)(void))dsa_##md##_sign_init }, \ |
1042 | | { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))dsa_sign }, \ |
1043 | | { OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_INIT, \ |
1044 | | (void (*)(void))dsa_##md##_sign_message_init }, \ |
1045 | | { OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_UPDATE, \ |
1046 | | (void (*)(void))dsa_signverify_message_update }, \ |
1047 | | { OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_FINAL, \ |
1048 | | (void (*)(void))dsa_sign_message_final }, \ |
1049 | | { OSSL_FUNC_SIGNATURE_VERIFY_INIT, \ |
1050 | | (void (*)(void))dsa_##md##_verify_init }, \ |
1051 | | { OSSL_FUNC_SIGNATURE_VERIFY, \ |
1052 | | (void (*)(void))dsa_verify }, \ |
1053 | | { OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_INIT, \ |
1054 | | (void (*)(void))dsa_##md##_verify_message_init }, \ |
1055 | | { OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_UPDATE, \ |
1056 | | (void (*)(void))dsa_signverify_message_update }, \ |
1057 | | { OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_FINAL, \ |
1058 | | (void (*)(void))dsa_verify_message_final }, \ |
1059 | | { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))dsa_freectx }, \ |
1060 | | { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))dsa_dupctx }, \ |
1061 | | { OSSL_FUNC_SIGNATURE_QUERY_KEY_TYPES, \ |
1062 | | (void (*)(void))dsa_sigalg_query_key_types }, \ |
1063 | | { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, \ |
1064 | | (void (*)(void))dsa_get_ctx_params }, \ |
1065 | | { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, \ |
1066 | | (void (*)(void))dsa_gettable_ctx_params }, \ |
1067 | | { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, \ |
1068 | | (void (*)(void))dsa_sigalg_set_ctx_params }, \ |
1069 | | { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, \ |
1070 | | (void (*)(void))dsa_sigalg_settable_ctx_params }, \ |
1071 | | OSSL_DISPATCH_END \ |
1072 | | } |
1073 | | |
1074 | | IMPL_DSA_SIGALG(sha1, SHA1); |
1075 | | IMPL_DSA_SIGALG(sha224, SHA2-224); |
1076 | | IMPL_DSA_SIGALG(sha256, SHA2-256); |
1077 | | IMPL_DSA_SIGALG(sha384, SHA2-384); |
1078 | | IMPL_DSA_SIGALG(sha512, SHA2-512); |
1079 | | IMPL_DSA_SIGALG(sha3_224, SHA3-224); |
1080 | | IMPL_DSA_SIGALG(sha3_256, SHA3-256); |
1081 | | IMPL_DSA_SIGALG(sha3_384, SHA3-384); |
1082 | | IMPL_DSA_SIGALG(sha3_512, SHA3-512); |