1 /*
2  * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include <openssl/objects.h>
13 #include <openssl/evp.h>
14 #include "internal/numbers.h"   /* includes SIZE_MAX */
15 #include "internal/cryptlib.h"
16 #include "internal/provider.h"
17 #include "internal/core.h"
18 #include "crypto/evp.h"
19 #include "evp_local.h"
20 
evp_signature_new(OSSL_PROVIDER * prov)21 static EVP_SIGNATURE *evp_signature_new(OSSL_PROVIDER *prov)
22 {
23     EVP_SIGNATURE *signature = OPENSSL_zalloc(sizeof(EVP_SIGNATURE));
24 
25     if (signature == NULL) {
26         ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
27         return NULL;
28     }
29 
30     signature->lock = CRYPTO_THREAD_lock_new();
31     if (signature->lock == NULL) {
32         ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
33         OPENSSL_free(signature);
34         return NULL;
35     }
36     signature->prov = prov;
37     ossl_provider_up_ref(prov);
38     signature->refcnt = 1;
39 
40     return signature;
41 }
42 
evp_signature_from_algorithm(int name_id,const OSSL_ALGORITHM * algodef,OSSL_PROVIDER * prov)43 static void *evp_signature_from_algorithm(int name_id,
44                                           const OSSL_ALGORITHM *algodef,
45                                           OSSL_PROVIDER *prov)
46 {
47     const OSSL_DISPATCH *fns = algodef->implementation;
48     EVP_SIGNATURE *signature = NULL;
49     int ctxfncnt = 0, signfncnt = 0, verifyfncnt = 0, verifyrecfncnt = 0;
50     int digsignfncnt = 0, digverifyfncnt = 0;
51     int gparamfncnt = 0, sparamfncnt = 0, gmdparamfncnt = 0, smdparamfncnt = 0;
52 
53     if ((signature = evp_signature_new(prov)) == NULL) {
54         ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
55         goto err;
56     }
57 
58     signature->name_id = name_id;
59     if ((signature->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL)
60         goto err;
61     signature->description = algodef->algorithm_description;
62 
63     for (; fns->function_id != 0; fns++) {
64         switch (fns->function_id) {
65         case OSSL_FUNC_SIGNATURE_NEWCTX:
66             if (signature->newctx != NULL)
67                 break;
68             signature->newctx = OSSL_FUNC_signature_newctx(fns);
69             ctxfncnt++;
70             break;
71         case OSSL_FUNC_SIGNATURE_SIGN_INIT:
72             if (signature->sign_init != NULL)
73                 break;
74             signature->sign_init = OSSL_FUNC_signature_sign_init(fns);
75             signfncnt++;
76             break;
77         case OSSL_FUNC_SIGNATURE_SIGN:
78             if (signature->sign != NULL)
79                 break;
80             signature->sign = OSSL_FUNC_signature_sign(fns);
81             signfncnt++;
82             break;
83         case OSSL_FUNC_SIGNATURE_VERIFY_INIT:
84             if (signature->verify_init != NULL)
85                 break;
86             signature->verify_init = OSSL_FUNC_signature_verify_init(fns);
87             verifyfncnt++;
88             break;
89         case OSSL_FUNC_SIGNATURE_VERIFY:
90             if (signature->verify != NULL)
91                 break;
92             signature->verify = OSSL_FUNC_signature_verify(fns);
93             verifyfncnt++;
94             break;
95         case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT:
96             if (signature->verify_recover_init != NULL)
97                 break;
98             signature->verify_recover_init
99                 = OSSL_FUNC_signature_verify_recover_init(fns);
100             verifyrecfncnt++;
101             break;
102         case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER:
103             if (signature->verify_recover != NULL)
104                 break;
105             signature->verify_recover
106                 = OSSL_FUNC_signature_verify_recover(fns);
107             verifyrecfncnt++;
108             break;
109         case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT:
110             if (signature->digest_sign_init != NULL)
111                 break;
112             signature->digest_sign_init
113                 = OSSL_FUNC_signature_digest_sign_init(fns);
114             break;
115         case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE:
116             if (signature->digest_sign_update != NULL)
117                 break;
118             signature->digest_sign_update
119                 = OSSL_FUNC_signature_digest_sign_update(fns);
120             digsignfncnt++;
121             break;
122         case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL:
123             if (signature->digest_sign_final != NULL)
124                 break;
125             signature->digest_sign_final
126                 = OSSL_FUNC_signature_digest_sign_final(fns);
127             digsignfncnt++;
128             break;
129         case OSSL_FUNC_SIGNATURE_DIGEST_SIGN:
130             if (signature->digest_sign != NULL)
131                 break;
132             signature->digest_sign
133                 = OSSL_FUNC_signature_digest_sign(fns);
134             break;
135         case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT:
136             if (signature->digest_verify_init != NULL)
137                 break;
138             signature->digest_verify_init
139                 = OSSL_FUNC_signature_digest_verify_init(fns);
140             break;
141         case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE:
142             if (signature->digest_verify_update != NULL)
143                 break;
144             signature->digest_verify_update
145                 = OSSL_FUNC_signature_digest_verify_update(fns);
146             digverifyfncnt++;
147             break;
148         case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL:
149             if (signature->digest_verify_final != NULL)
150                 break;
151             signature->digest_verify_final
152                 = OSSL_FUNC_signature_digest_verify_final(fns);
153             digverifyfncnt++;
154             break;
155         case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY:
156             if (signature->digest_verify != NULL)
157                 break;
158             signature->digest_verify
159                 = OSSL_FUNC_signature_digest_verify(fns);
160             break;
161         case OSSL_FUNC_SIGNATURE_FREECTX:
162             if (signature->freectx != NULL)
163                 break;
164             signature->freectx = OSSL_FUNC_signature_freectx(fns);
165             ctxfncnt++;
166             break;
167         case OSSL_FUNC_SIGNATURE_DUPCTX:
168             if (signature->dupctx != NULL)
169                 break;
170             signature->dupctx = OSSL_FUNC_signature_dupctx(fns);
171             break;
172         case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS:
173             if (signature->get_ctx_params != NULL)
174                 break;
175             signature->get_ctx_params
176                 = OSSL_FUNC_signature_get_ctx_params(fns);
177             gparamfncnt++;
178             break;
179         case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS:
180             if (signature->gettable_ctx_params != NULL)
181                 break;
182             signature->gettable_ctx_params
183                 = OSSL_FUNC_signature_gettable_ctx_params(fns);
184             gparamfncnt++;
185             break;
186         case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS:
187             if (signature->set_ctx_params != NULL)
188                 break;
189             signature->set_ctx_params
190                 = OSSL_FUNC_signature_set_ctx_params(fns);
191             sparamfncnt++;
192             break;
193         case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS:
194             if (signature->settable_ctx_params != NULL)
195                 break;
196             signature->settable_ctx_params
197                 = OSSL_FUNC_signature_settable_ctx_params(fns);
198             sparamfncnt++;
199             break;
200         case OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS:
201             if (signature->get_ctx_md_params != NULL)
202                 break;
203             signature->get_ctx_md_params
204                 = OSSL_FUNC_signature_get_ctx_md_params(fns);
205             gmdparamfncnt++;
206             break;
207         case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS:
208             if (signature->gettable_ctx_md_params != NULL)
209                 break;
210             signature->gettable_ctx_md_params
211                 = OSSL_FUNC_signature_gettable_ctx_md_params(fns);
212             gmdparamfncnt++;
213             break;
214         case OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS:
215             if (signature->set_ctx_md_params != NULL)
216                 break;
217             signature->set_ctx_md_params
218                 = OSSL_FUNC_signature_set_ctx_md_params(fns);
219             smdparamfncnt++;
220             break;
221         case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS:
222             if (signature->settable_ctx_md_params != NULL)
223                 break;
224             signature->settable_ctx_md_params
225                 = OSSL_FUNC_signature_settable_ctx_md_params(fns);
226             smdparamfncnt++;
227             break;
228         }
229     }
230     if (ctxfncnt != 2
231         || (signfncnt == 0
232             && verifyfncnt == 0
233             && verifyrecfncnt == 0
234             && digsignfncnt == 0
235             && digverifyfncnt == 0
236             && signature->digest_sign == NULL
237             && signature->digest_verify == NULL)
238         || (signfncnt != 0 && signfncnt != 2)
239         || (verifyfncnt != 0 && verifyfncnt != 2)
240         || (verifyrecfncnt != 0 && verifyrecfncnt != 2)
241         || (digsignfncnt != 0 && digsignfncnt != 2)
242         || (digsignfncnt == 2 && signature->digest_sign_init == NULL)
243         || (digverifyfncnt != 0 && digverifyfncnt != 2)
244         || (digverifyfncnt == 2 && signature->digest_verify_init == NULL)
245         || (signature->digest_sign != NULL
246             && signature->digest_sign_init == NULL)
247         || (signature->digest_verify != NULL
248             && signature->digest_verify_init == NULL)
249         || (gparamfncnt != 0 && gparamfncnt != 2)
250         || (sparamfncnt != 0 && sparamfncnt != 2)
251         || (gmdparamfncnt != 0 && gmdparamfncnt != 2)
252         || (smdparamfncnt != 0 && smdparamfncnt != 2)) {
253         /*
254          * In order to be a consistent set of functions we must have at least
255          * a set of context functions (newctx and freectx) as well as a set of
256          * "signature" functions:
257          *  (sign_init, sign) or
258          *  (verify_init verify) or
259          *  (verify_recover_init, verify_recover) or
260          *  (digest_sign_init, digest_sign_update, digest_sign_final) or
261          *  (digest_verify_init, digest_verify_update, digest_verify_final) or
262          *  (digest_sign_init, digest_sign) or
263          *  (digest_verify_init, digest_verify).
264          *
265          * set_ctx_params and settable_ctx_params are optional, but if one of
266          * them is present then the other one must also be present. The same
267          * applies to get_ctx_params and gettable_ctx_params. The same rules
268          * apply to the "md_params" functions. The dupctx function is optional.
269          */
270         ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
271         goto err;
272     }
273 
274     return signature;
275  err:
276     EVP_SIGNATURE_free(signature);
277     return NULL;
278 }
279 
EVP_SIGNATURE_free(EVP_SIGNATURE * signature)280 void EVP_SIGNATURE_free(EVP_SIGNATURE *signature)
281 {
282     int i;
283 
284     if (signature == NULL)
285         return;
286     CRYPTO_DOWN_REF(&signature->refcnt, &i, signature->lock);
287     if (i > 0)
288         return;
289     OPENSSL_free(signature->type_name);
290     ossl_provider_free(signature->prov);
291     CRYPTO_THREAD_lock_free(signature->lock);
292     OPENSSL_free(signature);
293 }
294 
EVP_SIGNATURE_up_ref(EVP_SIGNATURE * signature)295 int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature)
296 {
297     int ref = 0;
298 
299     CRYPTO_UP_REF(&signature->refcnt, &ref, signature->lock);
300     return 1;
301 }
302 
EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE * signature)303 OSSL_PROVIDER *EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE *signature)
304 {
305     return signature->prov;
306 }
307 
EVP_SIGNATURE_fetch(OSSL_LIB_CTX * ctx,const char * algorithm,const char * properties)308 EVP_SIGNATURE *EVP_SIGNATURE_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
309                                    const char *properties)
310 {
311     return evp_generic_fetch(ctx, OSSL_OP_SIGNATURE, algorithm, properties,
312                              evp_signature_from_algorithm,
313                              (int (*)(void *))EVP_SIGNATURE_up_ref,
314                              (void (*)(void *))EVP_SIGNATURE_free);
315 }
316 
EVP_SIGNATURE_is_a(const EVP_SIGNATURE * signature,const char * name)317 int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name)
318 {
319     return evp_is_a(signature->prov, signature->name_id, NULL, name);
320 }
321 
evp_signature_get_number(const EVP_SIGNATURE * signature)322 int evp_signature_get_number(const EVP_SIGNATURE *signature)
323 {
324     return signature->name_id;
325 }
326 
EVP_SIGNATURE_get0_name(const EVP_SIGNATURE * signature)327 const char *EVP_SIGNATURE_get0_name(const EVP_SIGNATURE *signature)
328 {
329     return signature->type_name;
330 }
331 
EVP_SIGNATURE_get0_description(const EVP_SIGNATURE * signature)332 const char *EVP_SIGNATURE_get0_description(const EVP_SIGNATURE *signature)
333 {
334     return signature->description;
335 }
336 
EVP_SIGNATURE_do_all_provided(OSSL_LIB_CTX * libctx,void (* fn)(EVP_SIGNATURE * signature,void * arg),void * arg)337 void EVP_SIGNATURE_do_all_provided(OSSL_LIB_CTX *libctx,
338                                    void (*fn)(EVP_SIGNATURE *signature,
339                                               void *arg),
340                                    void *arg)
341 {
342     evp_generic_do_all(libctx, OSSL_OP_SIGNATURE,
343                        (void (*)(void *, void *))fn, arg,
344                        evp_signature_from_algorithm,
345                        (int (*)(void *))EVP_SIGNATURE_up_ref,
346                        (void (*)(void *))EVP_SIGNATURE_free);
347 }
348 
349 
EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE * signature,void (* fn)(const char * name,void * data),void * data)350 int EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature,
351                                void (*fn)(const char *name, void *data),
352                                void *data)
353 {
354     if (signature->prov != NULL)
355         return evp_names_do_all(signature->prov, signature->name_id, fn, data);
356 
357     return 1;
358 }
359 
EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE * sig)360 const OSSL_PARAM *EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig)
361 {
362     void *provctx;
363 
364     if (sig == NULL || sig->gettable_ctx_params == NULL)
365         return NULL;
366 
367     provctx = ossl_provider_ctx(EVP_SIGNATURE_get0_provider(sig));
368     return sig->gettable_ctx_params(NULL, provctx);
369 }
370 
EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE * sig)371 const OSSL_PARAM *EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE *sig)
372 {
373     void *provctx;
374 
375     if (sig == NULL || sig->settable_ctx_params == NULL)
376         return NULL;
377 
378     provctx = ossl_provider_ctx(EVP_SIGNATURE_get0_provider(sig));
379     return sig->settable_ctx_params(NULL, provctx);
380 }
381 
evp_pkey_signature_init(EVP_PKEY_CTX * ctx,int operation,const OSSL_PARAM params[])382 static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation,
383                                    const OSSL_PARAM params[])
384 {
385     int ret = 0;
386     void *provkey = NULL;
387     EVP_SIGNATURE *signature = NULL;
388     EVP_KEYMGMT *tmp_keymgmt = NULL;
389     const char *supported_sig = NULL;
390 
391     if (ctx == NULL) {
392         ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
393         return -2;
394     }
395 
396     evp_pkey_ctx_free_old_ops(ctx);
397     ctx->operation = operation;
398 
399     ERR_set_mark();
400 
401     if (evp_pkey_ctx_is_legacy(ctx))
402         goto legacy;
403 
404     /*
405      * Ensure that the key is provided, either natively, or as a cached export.
406      *  If not, go legacy
407      */
408     tmp_keymgmt = ctx->keymgmt;
409     provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
410                                           &tmp_keymgmt, ctx->propquery);
411     if (tmp_keymgmt == NULL)
412         goto legacy;
413     if (!EVP_KEYMGMT_up_ref(tmp_keymgmt)) {
414         ERR_clear_last_mark();
415         ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
416         goto err;
417     }
418     EVP_KEYMGMT_free(ctx->keymgmt);
419     ctx->keymgmt = tmp_keymgmt;
420 
421     if (ctx->keymgmt->query_operation_name != NULL)
422         supported_sig = ctx->keymgmt->query_operation_name(OSSL_OP_SIGNATURE);
423 
424     /*
425      * If we didn't get a supported sig, assume there is one with the
426      * same name as the key type.
427      */
428     if (supported_sig == NULL)
429         supported_sig = ctx->keytype;
430 
431     /*
432      * Because we cleared out old ops, we shouldn't need to worry about
433      * checking if signature is already there.
434      */
435     signature =
436         EVP_SIGNATURE_fetch(ctx->libctx, supported_sig, ctx->propquery);
437 
438     if (signature == NULL
439         || (EVP_KEYMGMT_get0_provider(ctx->keymgmt)
440             != EVP_SIGNATURE_get0_provider(signature))) {
441         /*
442          * We don't need to free ctx->keymgmt here, as it's not necessarily
443          * tied to this operation.  It will be freed by EVP_PKEY_CTX_free().
444          */
445         EVP_SIGNATURE_free(signature);
446         goto legacy;
447     }
448 
449     /*
450      * If we don't have the full support we need with provided methods,
451      * let's go see if legacy does.
452      */
453     ERR_pop_to_mark();
454 
455     /* No more legacy from here down to legacy: */
456 
457     ctx->op.sig.signature = signature;
458     ctx->op.sig.algctx =
459         signature->newctx(ossl_provider_ctx(signature->prov), ctx->propquery);
460     if (ctx->op.sig.algctx == NULL) {
461         /* The provider key can stay in the cache */
462         ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
463         goto err;
464     }
465 
466     switch (operation) {
467     case EVP_PKEY_OP_SIGN:
468         if (signature->sign_init == NULL) {
469             ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
470             ret = -2;
471             goto err;
472         }
473         ret = signature->sign_init(ctx->op.sig.algctx, provkey, params);
474         break;
475     case EVP_PKEY_OP_VERIFY:
476         if (signature->verify_init == NULL) {
477             ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
478             ret = -2;
479             goto err;
480         }
481         ret = signature->verify_init(ctx->op.sig.algctx, provkey, params);
482         break;
483     case EVP_PKEY_OP_VERIFYRECOVER:
484         if (signature->verify_recover_init == NULL) {
485             ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
486             ret = -2;
487             goto err;
488         }
489         ret = signature->verify_recover_init(ctx->op.sig.algctx, provkey,
490                                              params);
491         break;
492     default:
493         ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
494         goto err;
495     }
496 
497     if (ret <= 0) {
498         signature->freectx(ctx->op.sig.algctx);
499         ctx->op.sig.algctx = NULL;
500         goto err;
501     }
502     goto end;
503 
504  legacy:
505     /*
506      * If we don't have the full support we need with provided methods,
507      * let's go see if legacy does.
508      */
509     ERR_pop_to_mark();
510 
511     if (ctx->pmeth == NULL
512             || (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL)
513             || (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL)
514             || (operation == EVP_PKEY_OP_VERIFYRECOVER
515                 && ctx->pmeth->verify_recover == NULL)) {
516         ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
517         return -2;
518     }
519 
520     switch (operation) {
521     case EVP_PKEY_OP_SIGN:
522         if (ctx->pmeth->sign_init == NULL)
523             return 1;
524         ret = ctx->pmeth->sign_init(ctx);
525         break;
526     case EVP_PKEY_OP_VERIFY:
527         if (ctx->pmeth->verify_init == NULL)
528             return 1;
529         ret = ctx->pmeth->verify_init(ctx);
530         break;
531     case EVP_PKEY_OP_VERIFYRECOVER:
532         if (ctx->pmeth->verify_recover_init == NULL)
533             return 1;
534         ret = ctx->pmeth->verify_recover_init(ctx);
535         break;
536     default:
537         ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
538         goto err;
539     }
540     if (ret <= 0)
541         goto err;
542  end:
543 #ifndef FIPS_MODULE
544     if (ret > 0)
545         ret = evp_pkey_ctx_use_cached_data(ctx);
546 #endif
547 
548     return ret;
549  err:
550     evp_pkey_ctx_free_old_ops(ctx);
551     ctx->operation = EVP_PKEY_OP_UNDEFINED;
552     return ret;
553 }
554 
EVP_PKEY_sign_init(EVP_PKEY_CTX * ctx)555 int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
556 {
557     return evp_pkey_signature_init(ctx, EVP_PKEY_OP_SIGN, NULL);
558 }
559 
EVP_PKEY_sign_init_ex(EVP_PKEY_CTX * ctx,const OSSL_PARAM params[])560 int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
561 {
562     return evp_pkey_signature_init(ctx, EVP_PKEY_OP_SIGN, params);
563 }
564 
EVP_PKEY_sign(EVP_PKEY_CTX * ctx,unsigned char * sig,size_t * siglen,const unsigned char * tbs,size_t tbslen)565 int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
566                   unsigned char *sig, size_t *siglen,
567                   const unsigned char *tbs, size_t tbslen)
568 {
569     int ret;
570 
571     if (ctx == NULL) {
572         ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
573         return -2;
574     }
575 
576     if (ctx->operation != EVP_PKEY_OP_SIGN) {
577         ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
578         return -1;
579     }
580 
581     if (ctx->op.sig.algctx == NULL)
582         goto legacy;
583 
584     ret = ctx->op.sig.signature->sign(ctx->op.sig.algctx, sig, siglen,
585                                       SIZE_MAX, tbs, tbslen);
586 
587     return ret;
588  legacy:
589 
590     if (ctx->pmeth == NULL || ctx->pmeth->sign == NULL) {
591         ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
592         return -2;
593     }
594 
595     M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
596         return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
597 }
598 
EVP_PKEY_verify_init(EVP_PKEY_CTX * ctx)599 int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
600 {
601     return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFY, NULL);
602 }
603 
EVP_PKEY_verify_init_ex(EVP_PKEY_CTX * ctx,const OSSL_PARAM params[])604 int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
605 {
606     return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFY, params);
607 }
608 
EVP_PKEY_verify(EVP_PKEY_CTX * ctx,const unsigned char * sig,size_t siglen,const unsigned char * tbs,size_t tbslen)609 int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
610                     const unsigned char *sig, size_t siglen,
611                     const unsigned char *tbs, size_t tbslen)
612 {
613     int ret;
614 
615     if (ctx == NULL) {
616         ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
617         return -2;
618     }
619 
620     if (ctx->operation != EVP_PKEY_OP_VERIFY) {
621         ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
622         return -1;
623     }
624 
625     if (ctx->op.sig.algctx == NULL)
626         goto legacy;
627 
628     ret = ctx->op.sig.signature->verify(ctx->op.sig.algctx, sig, siglen,
629                                         tbs, tbslen);
630 
631     return ret;
632  legacy:
633     if (ctx->pmeth == NULL || ctx->pmeth->verify == NULL) {
634         ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
635         return -2;
636     }
637 
638     return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
639 }
640 
EVP_PKEY_verify_recover_init(EVP_PKEY_CTX * ctx)641 int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
642 {
643     return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER, NULL);
644 }
645 
EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX * ctx,const OSSL_PARAM params[])646 int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx,
647                                     const OSSL_PARAM params[])
648 {
649     return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER, params);
650 }
651 
EVP_PKEY_verify_recover(EVP_PKEY_CTX * ctx,unsigned char * rout,size_t * routlen,const unsigned char * sig,size_t siglen)652 int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
653                             unsigned char *rout, size_t *routlen,
654                             const unsigned char *sig, size_t siglen)
655 {
656     int ret;
657 
658     if (ctx == NULL) {
659         ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
660         return -2;
661     }
662 
663     if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
664         ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
665         return -1;
666     }
667 
668     if (ctx->op.sig.algctx == NULL)
669         goto legacy;
670 
671     ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.algctx, rout,
672                                                 routlen,
673                                                 (rout == NULL ? 0 : *routlen),
674                                                 sig, siglen);
675     return ret;
676  legacy:
677     if (ctx->pmeth == NULL || ctx->pmeth->verify_recover == NULL) {
678         ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
679         return -2;
680     }
681     M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
682         return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
683 }
684