Coverage Report

Created: 2023-06-07 07:24

/src/openssl/crypto/evp/signature.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9
10
#include <stdio.h>
11
#include <stdlib.h>
12
#include <openssl/objects.h>
13
#include <openssl/evp.h>
14
#include "internal/numbers.h"   /* includes SIZE_MAX */
15
#include "internal/cryptlib.h"
16
#include "internal/provider.h"
17
#include "internal/core.h"
18
#include "crypto/evp.h"
19
#include "evp_local.h"
20
21
static EVP_SIGNATURE *evp_signature_new(OSSL_PROVIDER *prov)
22
0
{
23
0
    EVP_SIGNATURE *signature = OPENSSL_zalloc(sizeof(EVP_SIGNATURE));
24
25
0
    if (signature == NULL)
26
0
        return NULL;
27
28
0
    signature->lock = CRYPTO_THREAD_lock_new();
29
0
    if (signature->lock == NULL) {
30
0
        ERR_raise(ERR_LIB_EVP, ERR_R_CRYPTO_LIB);
31
0
        OPENSSL_free(signature);
32
0
        return NULL;
33
0
    }
34
0
    signature->prov = prov;
35
0
    ossl_provider_up_ref(prov);
36
0
    signature->refcnt = 1;
37
38
0
    return signature;
39
0
}
40
41
static void *evp_signature_from_algorithm(int name_id,
42
                                          const OSSL_ALGORITHM *algodef,
43
                                          OSSL_PROVIDER *prov)
44
0
{
45
0
    const OSSL_DISPATCH *fns = algodef->implementation;
46
0
    EVP_SIGNATURE *signature = NULL;
47
0
    int ctxfncnt = 0, signfncnt = 0, verifyfncnt = 0, verifyrecfncnt = 0;
48
0
    int digsignfncnt = 0, digverifyfncnt = 0;
49
0
    int gparamfncnt = 0, sparamfncnt = 0, gmdparamfncnt = 0, smdparamfncnt = 0;
50
51
0
    if ((signature = evp_signature_new(prov)) == NULL) {
52
0
        ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
53
0
        goto err;
54
0
    }
55
56
0
    signature->name_id = name_id;
57
0
    if ((signature->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL)
58
0
        goto err;
59
0
    signature->description = algodef->algorithm_description;
60
61
0
    for (; fns->function_id != 0; fns++) {
62
0
        switch (fns->function_id) {
63
0
        case OSSL_FUNC_SIGNATURE_NEWCTX:
64
0
            if (signature->newctx != NULL)
65
0
                break;
66
0
            signature->newctx = OSSL_FUNC_signature_newctx(fns);
67
0
            ctxfncnt++;
68
0
            break;
69
0
        case OSSL_FUNC_SIGNATURE_SIGN_INIT:
70
0
            if (signature->sign_init != NULL)
71
0
                break;
72
0
            signature->sign_init = OSSL_FUNC_signature_sign_init(fns);
73
0
            signfncnt++;
74
0
            break;
75
0
        case OSSL_FUNC_SIGNATURE_SIGN:
76
0
            if (signature->sign != NULL)
77
0
                break;
78
0
            signature->sign = OSSL_FUNC_signature_sign(fns);
79
0
            signfncnt++;
80
0
            break;
81
0
        case OSSL_FUNC_SIGNATURE_VERIFY_INIT:
82
0
            if (signature->verify_init != NULL)
83
0
                break;
84
0
            signature->verify_init = OSSL_FUNC_signature_verify_init(fns);
85
0
            verifyfncnt++;
86
0
            break;
87
0
        case OSSL_FUNC_SIGNATURE_VERIFY:
88
0
            if (signature->verify != NULL)
89
0
                break;
90
0
            signature->verify = OSSL_FUNC_signature_verify(fns);
91
0
            verifyfncnt++;
92
0
            break;
93
0
        case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT:
94
0
            if (signature->verify_recover_init != NULL)
95
0
                break;
96
0
            signature->verify_recover_init
97
0
                = OSSL_FUNC_signature_verify_recover_init(fns);
98
0
            verifyrecfncnt++;
99
0
            break;
100
0
        case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER:
101
0
            if (signature->verify_recover != NULL)
102
0
                break;
103
0
            signature->verify_recover
104
0
                = OSSL_FUNC_signature_verify_recover(fns);
105
0
            verifyrecfncnt++;
106
0
            break;
107
0
        case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT:
108
0
            if (signature->digest_sign_init != NULL)
109
0
                break;
110
0
            signature->digest_sign_init
111
0
                = OSSL_FUNC_signature_digest_sign_init(fns);
112
0
            break;
113
0
        case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE:
114
0
            if (signature->digest_sign_update != NULL)
115
0
                break;
116
0
            signature->digest_sign_update
117
0
                = OSSL_FUNC_signature_digest_sign_update(fns);
118
0
            digsignfncnt++;
119
0
            break;
120
0
        case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL:
121
0
            if (signature->digest_sign_final != NULL)
122
0
                break;
123
0
            signature->digest_sign_final
124
0
                = OSSL_FUNC_signature_digest_sign_final(fns);
125
0
            digsignfncnt++;
126
0
            break;
127
0
        case OSSL_FUNC_SIGNATURE_DIGEST_SIGN:
128
0
            if (signature->digest_sign != NULL)
129
0
                break;
130
0
            signature->digest_sign
131
0
                = OSSL_FUNC_signature_digest_sign(fns);
132
0
            break;
133
0
        case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT:
134
0
            if (signature->digest_verify_init != NULL)
135
0
                break;
136
0
            signature->digest_verify_init
137
0
                = OSSL_FUNC_signature_digest_verify_init(fns);
138
0
            break;
139
0
        case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE:
140
0
            if (signature->digest_verify_update != NULL)
141
0
                break;
142
0
            signature->digest_verify_update
143
0
                = OSSL_FUNC_signature_digest_verify_update(fns);
144
0
            digverifyfncnt++;
145
0
            break;
146
0
        case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL:
147
0
            if (signature->digest_verify_final != NULL)
148
0
                break;
149
0
            signature->digest_verify_final
150
0
                = OSSL_FUNC_signature_digest_verify_final(fns);
151
0
            digverifyfncnt++;
152
0
            break;
153
0
        case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY:
154
0
            if (signature->digest_verify != NULL)
155
0
                break;
156
0
            signature->digest_verify
157
0
                = OSSL_FUNC_signature_digest_verify(fns);
158
0
            break;
159
0
        case OSSL_FUNC_SIGNATURE_FREECTX:
160
0
            if (signature->freectx != NULL)
161
0
                break;
162
0
            signature->freectx = OSSL_FUNC_signature_freectx(fns);
163
0
            ctxfncnt++;
164
0
            break;
165
0
        case OSSL_FUNC_SIGNATURE_DUPCTX:
166
0
            if (signature->dupctx != NULL)
167
0
                break;
168
0
            signature->dupctx = OSSL_FUNC_signature_dupctx(fns);
169
0
            break;
170
0
        case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS:
171
0
            if (signature->get_ctx_params != NULL)
172
0
                break;
173
0
            signature->get_ctx_params
174
0
                = OSSL_FUNC_signature_get_ctx_params(fns);
175
0
            gparamfncnt++;
176
0
            break;
177
0
        case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS:
178
0
            if (signature->gettable_ctx_params != NULL)
179
0
                break;
180
0
            signature->gettable_ctx_params
181
0
                = OSSL_FUNC_signature_gettable_ctx_params(fns);
182
0
            gparamfncnt++;
183
0
            break;
184
0
        case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS:
185
0
            if (signature->set_ctx_params != NULL)
186
0
                break;
187
0
            signature->set_ctx_params
188
0
                = OSSL_FUNC_signature_set_ctx_params(fns);
189
0
            sparamfncnt++;
190
0
            break;
191
0
        case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS:
192
0
            if (signature->settable_ctx_params != NULL)
193
0
                break;
194
0
            signature->settable_ctx_params
195
0
                = OSSL_FUNC_signature_settable_ctx_params(fns);
196
0
            sparamfncnt++;
197
0
            break;
198
0
        case OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS:
199
0
            if (signature->get_ctx_md_params != NULL)
200
0
                break;
201
0
            signature->get_ctx_md_params
202
0
                = OSSL_FUNC_signature_get_ctx_md_params(fns);
203
0
            gmdparamfncnt++;
204
0
            break;
205
0
        case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS:
206
0
            if (signature->gettable_ctx_md_params != NULL)
207
0
                break;
208
0
            signature->gettable_ctx_md_params
209
0
                = OSSL_FUNC_signature_gettable_ctx_md_params(fns);
210
0
            gmdparamfncnt++;
211
0
            break;
212
0
        case OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS:
213
0
            if (signature->set_ctx_md_params != NULL)
214
0
                break;
215
0
            signature->set_ctx_md_params
216
0
                = OSSL_FUNC_signature_set_ctx_md_params(fns);
217
0
            smdparamfncnt++;
218
0
            break;
219
0
        case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS:
220
0
            if (signature->settable_ctx_md_params != NULL)
221
0
                break;
222
0
            signature->settable_ctx_md_params
223
0
                = OSSL_FUNC_signature_settable_ctx_md_params(fns);
224
0
            smdparamfncnt++;
225
0
            break;
226
0
        }
227
0
    }
228
0
    if (ctxfncnt != 2
229
0
        || (signfncnt == 0
230
0
            && verifyfncnt == 0
231
0
            && verifyrecfncnt == 0
232
0
            && digsignfncnt == 0
233
0
            && digverifyfncnt == 0
234
0
            && signature->digest_sign == NULL
235
0
            && signature->digest_verify == NULL)
236
0
        || (signfncnt != 0 && signfncnt != 2)
237
0
        || (verifyfncnt != 0 && verifyfncnt != 2)
238
0
        || (verifyrecfncnt != 0 && verifyrecfncnt != 2)
239
0
        || (digsignfncnt != 0 && digsignfncnt != 2)
240
0
        || (digsignfncnt == 2 && signature->digest_sign_init == NULL)
241
0
        || (digverifyfncnt != 0 && digverifyfncnt != 2)
242
0
        || (digverifyfncnt == 2 && signature->digest_verify_init == NULL)
243
0
        || (signature->digest_sign != NULL
244
0
            && signature->digest_sign_init == NULL)
245
0
        || (signature->digest_verify != NULL
246
0
            && signature->digest_verify_init == NULL)
247
0
        || (gparamfncnt != 0 && gparamfncnt != 2)
248
0
        || (sparamfncnt != 0 && sparamfncnt != 2)
249
0
        || (gmdparamfncnt != 0 && gmdparamfncnt != 2)
250
0
        || (smdparamfncnt != 0 && smdparamfncnt != 2)) {
251
        /*
252
         * In order to be a consistent set of functions we must have at least
253
         * a set of context functions (newctx and freectx) as well as a set of
254
         * "signature" functions:
255
         *  (sign_init, sign) or
256
         *  (verify_init verify) or
257
         *  (verify_recover_init, verify_recover) or
258
         *  (digest_sign_init, digest_sign_update, digest_sign_final) or
259
         *  (digest_verify_init, digest_verify_update, digest_verify_final) or
260
         *  (digest_sign_init, digest_sign) or
261
         *  (digest_verify_init, digest_verify).
262
         *
263
         * set_ctx_params and settable_ctx_params are optional, but if one of
264
         * them is present then the other one must also be present. The same
265
         * applies to get_ctx_params and gettable_ctx_params. The same rules
266
         * apply to the "md_params" functions. The dupctx function is optional.
267
         */
268
0
        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
269
0
        goto err;
270
0
    }
271
272
0
    return signature;
273
0
 err:
274
0
    EVP_SIGNATURE_free(signature);
275
0
    return NULL;
276
0
}
277
278
void EVP_SIGNATURE_free(EVP_SIGNATURE *signature)
279
0
{
280
0
    int i;
281
282
0
    if (signature == NULL)
283
0
        return;
284
0
    CRYPTO_DOWN_REF(&signature->refcnt, &i, signature->lock);
285
0
    if (i > 0)
286
0
        return;
287
0
    OPENSSL_free(signature->type_name);
288
0
    ossl_provider_free(signature->prov);
289
0
    CRYPTO_THREAD_lock_free(signature->lock);
290
0
    OPENSSL_free(signature);
291
0
}
292
293
int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature)
294
0
{
295
0
    int ref = 0;
296
297
0
    CRYPTO_UP_REF(&signature->refcnt, &ref, signature->lock);
298
0
    return 1;
299
0
}
300
301
OSSL_PROVIDER *EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE *signature)
302
0
{
303
0
    return signature->prov;
304
0
}
305
306
EVP_SIGNATURE *EVP_SIGNATURE_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
307
                                   const char *properties)
308
0
{
309
0
    return evp_generic_fetch(ctx, OSSL_OP_SIGNATURE, algorithm, properties,
310
0
                             evp_signature_from_algorithm,
311
0
                             (int (*)(void *))EVP_SIGNATURE_up_ref,
312
0
                             (void (*)(void *))EVP_SIGNATURE_free);
313
0
}
314
315
EVP_SIGNATURE *evp_signature_fetch_from_prov(OSSL_PROVIDER *prov,
316
                                             const char *algorithm,
317
                                             const char *properties)
318
0
{
319
0
    return evp_generic_fetch_from_prov(prov, OSSL_OP_SIGNATURE,
320
0
                                       algorithm, properties,
321
0
                                       evp_signature_from_algorithm,
322
0
                                       (int (*)(void *))EVP_SIGNATURE_up_ref,
323
0
                                       (void (*)(void *))EVP_SIGNATURE_free);
324
0
}
325
326
int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name)
327
0
{
328
0
    return signature != NULL
329
0
           && evp_is_a(signature->prov, signature->name_id, NULL, name);
330
0
}
331
332
int evp_signature_get_number(const EVP_SIGNATURE *signature)
333
0
{
334
0
    return signature->name_id;
335
0
}
336
337
const char *EVP_SIGNATURE_get0_name(const EVP_SIGNATURE *signature)
338
0
{
339
0
    return signature->type_name;
340
0
}
341
342
const char *EVP_SIGNATURE_get0_description(const EVP_SIGNATURE *signature)
343
0
{
344
0
    return signature->description;
345
0
}
346
347
void EVP_SIGNATURE_do_all_provided(OSSL_LIB_CTX *libctx,
348
                                   void (*fn)(EVP_SIGNATURE *signature,
349
                                              void *arg),
350
                                   void *arg)
351
0
{
352
0
    evp_generic_do_all(libctx, OSSL_OP_SIGNATURE,
353
0
                       (void (*)(void *, void *))fn, arg,
354
0
                       evp_signature_from_algorithm,
355
0
                       (int (*)(void *))EVP_SIGNATURE_up_ref,
356
0
                       (void (*)(void *))EVP_SIGNATURE_free);
357
0
}
358
359
360
int EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature,
361
                               void (*fn)(const char *name, void *data),
362
                               void *data)
363
0
{
364
0
    if (signature->prov != NULL)
365
0
        return evp_names_do_all(signature->prov, signature->name_id, fn, data);
366
367
0
    return 1;
368
0
}
369
370
const OSSL_PARAM *EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig)
371
0
{
372
0
    void *provctx;
373
374
0
    if (sig == NULL || sig->gettable_ctx_params == NULL)
375
0
        return NULL;
376
377
0
    provctx = ossl_provider_ctx(EVP_SIGNATURE_get0_provider(sig));
378
0
    return sig->gettable_ctx_params(NULL, provctx);
379
0
}
380
381
const OSSL_PARAM *EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE *sig)
382
0
{
383
0
    void *provctx;
384
385
0
    if (sig == NULL || sig->settable_ctx_params == NULL)
386
0
        return NULL;
387
388
0
    provctx = ossl_provider_ctx(EVP_SIGNATURE_get0_provider(sig));
389
0
    return sig->settable_ctx_params(NULL, provctx);
390
0
}
391
392
static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation,
393
                                   const OSSL_PARAM params[])
394
0
{
395
0
    int ret = 0;
396
0
    void *provkey = NULL;
397
0
    EVP_SIGNATURE *signature = NULL;
398
0
    EVP_KEYMGMT *tmp_keymgmt = NULL;
399
0
    const OSSL_PROVIDER *tmp_prov = NULL;
400
0
    const char *supported_sig = NULL;
401
0
    int iter;
402
403
0
    if (ctx == NULL) {
404
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
405
0
        return -2;
406
0
    }
407
408
0
    evp_pkey_ctx_free_old_ops(ctx);
409
0
    ctx->operation = operation;
410
411
0
    ERR_set_mark();
412
413
0
    if (evp_pkey_ctx_is_legacy(ctx))
414
0
        goto legacy;
415
416
0
    if (ctx->pkey == NULL) {
417
0
        ERR_clear_last_mark();
418
0
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
419
0
        goto err;
420
0
    }
421
422
    /*
423
     * Try to derive the supported signature from |ctx->keymgmt|.
424
     */
425
0
    if (!ossl_assert(ctx->pkey->keymgmt == NULL
426
0
                     || ctx->pkey->keymgmt == ctx->keymgmt)) {
427
0
        ERR_clear_last_mark();
428
0
        ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
429
0
        goto err;
430
0
    }
431
0
    supported_sig = evp_keymgmt_util_query_operation_name(ctx->keymgmt,
432
0
                                                          OSSL_OP_SIGNATURE);
433
0
    if (supported_sig == NULL) {
434
0
        ERR_clear_last_mark();
435
0
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
436
0
        goto err;
437
0
    }
438
439
    /*
440
     * We perform two iterations:
441
     *
442
     * 1.  Do the normal signature fetch, using the fetching data given by
443
     *     the EVP_PKEY_CTX.
444
     * 2.  Do the provider specific signature fetch, from the same provider
445
     *     as |ctx->keymgmt|
446
     *
447
     * We then try to fetch the keymgmt from the same provider as the
448
     * signature, and try to export |ctx->pkey| to that keymgmt (when
449
     * this keymgmt happens to be the same as |ctx->keymgmt|, the export
450
     * is a no-op, but we call it anyway to not complicate the code even
451
     * more).
452
     * If the export call succeeds (returns a non-NULL provider key pointer),
453
     * we're done and can perform the operation itself.  If not, we perform
454
     * the second iteration, or jump to legacy.
455
     */
456
0
    for (iter = 1; iter < 3 && provkey == NULL; iter++) {
457
0
        EVP_KEYMGMT *tmp_keymgmt_tofree = NULL;
458
459
        /*
460
         * If we're on the second iteration, free the results from the first.
461
         * They are NULL on the first iteration, so no need to check what
462
         * iteration we're on.
463
         */
464
0
        EVP_SIGNATURE_free(signature);
465
0
        EVP_KEYMGMT_free(tmp_keymgmt);
466
467
0
        switch (iter) {
468
0
        case 1:
469
0
            signature =
470
0
                EVP_SIGNATURE_fetch(ctx->libctx, supported_sig, ctx->propquery);
471
0
            if (signature != NULL)
472
0
                tmp_prov = EVP_SIGNATURE_get0_provider(signature);
473
0
            break;
474
0
        case 2:
475
0
            tmp_prov = EVP_KEYMGMT_get0_provider(ctx->keymgmt);
476
0
            signature =
477
0
                evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
478
0
                                              supported_sig, ctx->propquery);
479
0
            if (signature == NULL)
480
0
                goto legacy;
481
0
            break;
482
0
        }
483
0
        if (signature == NULL)
484
0
            continue;
485
486
        /*
487
         * Ensure that the key is provided, either natively, or as a cached
488
         * export.  We start by fetching the keymgmt with the same name as
489
         * |ctx->pkey|, but from the provider of the signature method, using
490
         * the same property query as when fetching the signature method.
491
         * With the keymgmt we found (if we did), we try to export |ctx->pkey|
492
         * to it (evp_pkey_export_to_provider() is smart enough to only actually
493
494
         * export it if |tmp_keymgmt| is different from |ctx->pkey|'s keymgmt)
495
         */
496
0
        tmp_keymgmt_tofree = tmp_keymgmt =
497
0
            evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
498
0
                                        EVP_KEYMGMT_get0_name(ctx->keymgmt),
499
0
                                        ctx->propquery);
500
0
        if (tmp_keymgmt != NULL)
501
0
            provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
502
0
                                                  &tmp_keymgmt, ctx->propquery);
503
0
        if (tmp_keymgmt == NULL)
504
0
            EVP_KEYMGMT_free(tmp_keymgmt_tofree);
505
0
    }
506
507
0
    if (provkey == NULL) {
508
0
        EVP_SIGNATURE_free(signature);
509
0
        goto legacy;
510
0
    }
511
512
0
    ERR_pop_to_mark();
513
514
    /* No more legacy from here down to legacy: */
515
516
0
    ctx->op.sig.signature = signature;
517
0
    ctx->op.sig.algctx =
518
0
        signature->newctx(ossl_provider_ctx(signature->prov), ctx->propquery);
519
0
    if (ctx->op.sig.algctx == NULL) {
520
        /* The provider key can stay in the cache */
521
0
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
522
0
        goto err;
523
0
    }
524
525
0
    switch (operation) {
526
0
    case EVP_PKEY_OP_SIGN:
527
0
        if (signature->sign_init == NULL) {
528
0
            ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
529
0
            ret = -2;
530
0
            goto err;
531
0
        }
532
0
        ret = signature->sign_init(ctx->op.sig.algctx, provkey, params);
533
0
        break;
534
0
    case EVP_PKEY_OP_VERIFY:
535
0
        if (signature->verify_init == NULL) {
536
0
            ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
537
0
            ret = -2;
538
0
            goto err;
539
0
        }
540
0
        ret = signature->verify_init(ctx->op.sig.algctx, provkey, params);
541
0
        break;
542
0
    case EVP_PKEY_OP_VERIFYRECOVER:
543
0
        if (signature->verify_recover_init == NULL) {
544
0
            ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
545
0
            ret = -2;
546
0
            goto err;
547
0
        }
548
0
        ret = signature->verify_recover_init(ctx->op.sig.algctx, provkey,
549
0
                                             params);
550
0
        break;
551
0
    default:
552
0
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
553
0
        goto err;
554
0
    }
555
556
0
    if (ret <= 0) {
557
0
        signature->freectx(ctx->op.sig.algctx);
558
0
        ctx->op.sig.algctx = NULL;
559
0
        goto err;
560
0
    }
561
0
    goto end;
562
563
0
 legacy:
564
    /*
565
     * If we don't have the full support we need with provided methods,
566
     * let's go see if legacy does.
567
     */
568
0
    ERR_pop_to_mark();
569
0
    EVP_KEYMGMT_free(tmp_keymgmt);
570
0
    tmp_keymgmt = NULL;
571
572
0
    if (ctx->pmeth == NULL
573
0
            || (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL)
574
0
            || (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL)
575
0
            || (operation == EVP_PKEY_OP_VERIFYRECOVER
576
0
                && ctx->pmeth->verify_recover == NULL)) {
577
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
578
0
        return -2;
579
0
    }
580
581
0
    switch (operation) {
582
0
    case EVP_PKEY_OP_SIGN:
583
0
        if (ctx->pmeth->sign_init == NULL)
584
0
            return 1;
585
0
        ret = ctx->pmeth->sign_init(ctx);
586
0
        break;
587
0
    case EVP_PKEY_OP_VERIFY:
588
0
        if (ctx->pmeth->verify_init == NULL)
589
0
            return 1;
590
0
        ret = ctx->pmeth->verify_init(ctx);
591
0
        break;
592
0
    case EVP_PKEY_OP_VERIFYRECOVER:
593
0
        if (ctx->pmeth->verify_recover_init == NULL)
594
0
            return 1;
595
0
        ret = ctx->pmeth->verify_recover_init(ctx);
596
0
        break;
597
0
    default:
598
0
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
599
0
        goto err;
600
0
    }
601
0
    if (ret <= 0)
602
0
        goto err;
603
0
 end:
604
0
#ifndef FIPS_MODULE
605
0
    if (ret > 0)
606
0
        ret = evp_pkey_ctx_use_cached_data(ctx);
607
0
#endif
608
609
0
    EVP_KEYMGMT_free(tmp_keymgmt);
610
0
    return ret;
611
0
 err:
612
0
    evp_pkey_ctx_free_old_ops(ctx);
613
0
    ctx->operation = EVP_PKEY_OP_UNDEFINED;
614
0
    EVP_KEYMGMT_free(tmp_keymgmt);
615
0
    return ret;
616
0
}
617
618
int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
619
0
{
620
0
    return evp_pkey_signature_init(ctx, EVP_PKEY_OP_SIGN, NULL);
621
0
}
622
623
int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
624
0
{
625
0
    return evp_pkey_signature_init(ctx, EVP_PKEY_OP_SIGN, params);
626
0
}
627
628
int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
629
                  unsigned char *sig, size_t *siglen,
630
                  const unsigned char *tbs, size_t tbslen)
631
0
{
632
0
    int ret;
633
634
0
    if (ctx == NULL) {
635
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
636
0
        return -2;
637
0
    }
638
639
0
    if (ctx->operation != EVP_PKEY_OP_SIGN) {
640
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
641
0
        return -1;
642
0
    }
643
644
0
    if (ctx->op.sig.algctx == NULL)
645
0
        goto legacy;
646
647
0
    ret = ctx->op.sig.signature->sign(ctx->op.sig.algctx, sig, siglen,
648
0
                                      (sig == NULL) ? 0 : *siglen, tbs, tbslen);
649
650
0
    return ret;
651
0
 legacy:
652
653
0
    if (ctx->pmeth == NULL || ctx->pmeth->sign == NULL) {
654
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
655
0
        return -2;
656
0
    }
657
658
0
    M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
659
0
        return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
660
0
}
661
662
int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
663
0
{
664
0
    return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFY, NULL);
665
0
}
666
667
int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
668
0
{
669
0
    return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFY, params);
670
0
}
671
672
int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
673
                    const unsigned char *sig, size_t siglen,
674
                    const unsigned char *tbs, size_t tbslen)
675
0
{
676
0
    int ret;
677
678
0
    if (ctx == NULL) {
679
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
680
0
        return -2;
681
0
    }
682
683
0
    if (ctx->operation != EVP_PKEY_OP_VERIFY) {
684
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
685
0
        return -1;
686
0
    }
687
688
0
    if (ctx->op.sig.algctx == NULL)
689
0
        goto legacy;
690
691
0
    ret = ctx->op.sig.signature->verify(ctx->op.sig.algctx, sig, siglen,
692
0
                                        tbs, tbslen);
693
694
0
    return ret;
695
0
 legacy:
696
0
    if (ctx->pmeth == NULL || ctx->pmeth->verify == NULL) {
697
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
698
0
        return -2;
699
0
    }
700
701
0
    return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
702
0
}
703
704
int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
705
0
{
706
0
    return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER, NULL);
707
0
}
708
709
int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx,
710
                                    const OSSL_PARAM params[])
711
0
{
712
0
    return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER, params);
713
0
}
714
715
int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
716
                            unsigned char *rout, size_t *routlen,
717
                            const unsigned char *sig, size_t siglen)
718
0
{
719
0
    int ret;
720
721
0
    if (ctx == NULL) {
722
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
723
0
        return -2;
724
0
    }
725
726
0
    if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
727
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
728
0
        return -1;
729
0
    }
730
731
0
    if (ctx->op.sig.algctx == NULL)
732
0
        goto legacy;
733
734
0
    ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.algctx, rout,
735
0
                                                routlen,
736
0
                                                (rout == NULL ? 0 : *routlen),
737
0
                                                sig, siglen);
738
0
    return ret;
739
0
 legacy:
740
0
    if (ctx->pmeth == NULL || ctx->pmeth->verify_recover == NULL) {
741
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
742
0
        return -2;
743
0
    }
744
0
    M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
745
0
        return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
746
0
}