1 /* $OpenBSD: m_sigver.c,v 1.9 2021/05/09 14:25:40 tb Exp $ */ 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 2006. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2006,2007 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <stdio.h> 60 61 #include <openssl/err.h> 62 #include <openssl/evp.h> 63 #include <openssl/objects.h> 64 #include <openssl/x509.h> 65 66 #include "evp_locl.h" 67 68 static int 69 do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, 70 ENGINE *e, EVP_PKEY *pkey, int ver) 71 { 72 if (ctx->pctx == NULL) 73 ctx->pctx = EVP_PKEY_CTX_new(pkey, e); 74 if (ctx->pctx == NULL) 75 return 0; 76 77 if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)) { 78 if (type == NULL) { 79 int def_nid; 80 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0) 81 type = EVP_get_digestbynid(def_nid); 82 } 83 84 if (type == NULL) { 85 EVPerror(EVP_R_NO_DEFAULT_DIGEST); 86 return 0; 87 } 88 } 89 90 if (ver) { 91 if (ctx->pctx->pmeth->verifyctx_init) { 92 if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, 93 ctx) <=0) 94 return 0; 95 ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX; 96 } else if (EVP_PKEY_verify_init(ctx->pctx) <= 0) 97 return 0; 98 } else { 99 if (ctx->pctx->pmeth->signctx_init) { 100 if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0) 101 return 0; 102 ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX; 103 } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0) 104 return 0; 105 } 106 if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0) 107 return 0; 108 if (pctx) 109 *pctx = ctx->pctx; 110 if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) 111 return 1; 112 if (!EVP_DigestInit_ex(ctx, type, e)) 113 return 0; 114 return 1; 115 } 116 117 int 118 EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, 119 ENGINE *e, EVP_PKEY *pkey) 120 { 121 return do_sigver_init(ctx, pctx, type, e, pkey, 0); 122 } 123 124 int 125 EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, 126 ENGINE *e, EVP_PKEY *pkey) 127 { 128 return do_sigver_init(ctx, pctx, type, e, pkey, 1); 129 } 130 131 int 132 EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen) 133 { 134 EVP_PKEY_CTX *pctx = ctx->pctx; 135 int sctx; 136 int r = 0; 137 138 if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) { 139 EVP_PKEY_CTX *dctx; 140 141 if (sigret == NULL) 142 return pctx->pmeth->signctx(pctx, sigret, siglen, ctx); 143 144 /* XXX - support EVP_MD_CTX_FLAG_FINALISE? */ 145 if ((dctx = EVP_PKEY_CTX_dup(ctx->pctx)) == NULL) 146 return 0; 147 r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx); 148 EVP_PKEY_CTX_free(dctx); 149 150 return r; 151 } 152 153 if (ctx->pctx->pmeth->signctx) 154 sctx = 1; 155 else 156 sctx = 0; 157 if (sigret) { 158 EVP_MD_CTX tmp_ctx; 159 unsigned char md[EVP_MAX_MD_SIZE]; 160 unsigned int mdlen = 0; 161 EVP_MD_CTX_init(&tmp_ctx); 162 if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) 163 return 0; 164 if (sctx) 165 r = tmp_ctx.pctx->pmeth->signctx(tmp_ctx.pctx, 166 sigret, siglen, &tmp_ctx); 167 else 168 r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen); 169 EVP_MD_CTX_cleanup(&tmp_ctx); 170 if (sctx || !r) 171 return r; 172 if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0) 173 return 0; 174 } else { 175 if (sctx) { 176 if (ctx->pctx->pmeth->signctx(ctx->pctx, sigret, 177 siglen, ctx) <= 0) 178 return 0; 179 } else { 180 int s = EVP_MD_size(ctx->digest); 181 if (s < 0 || EVP_PKEY_sign(ctx->pctx, sigret, siglen, 182 NULL, s) <= 0) 183 return 0; 184 } 185 } 186 return 1; 187 } 188 189 int 190 EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, 191 const unsigned char *tbs, size_t tbslen) 192 { 193 if (sigret != NULL) { 194 if (EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0) 195 return 0; 196 } 197 198 return EVP_DigestSignFinal(ctx, sigret, siglen); 199 } 200 201 int 202 EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen) 203 { 204 EVP_MD_CTX tmp_ctx; 205 unsigned char md[EVP_MAX_MD_SIZE]; 206 int r; 207 unsigned int mdlen = 0; 208 int vctx; 209 210 if (ctx->pctx->pmeth->verifyctx) 211 vctx = 1; 212 else 213 vctx = 0; 214 EVP_MD_CTX_init(&tmp_ctx); 215 if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) 216 return -1; 217 if (vctx) { 218 r = tmp_ctx.pctx->pmeth->verifyctx(tmp_ctx.pctx, sig, 219 siglen, &tmp_ctx); 220 } else 221 r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen); 222 EVP_MD_CTX_cleanup(&tmp_ctx); 223 if (vctx || !r) 224 return r; 225 return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen); 226 } 227 228 int 229 EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen, 230 const unsigned char *tbs, size_t tbslen) 231 { 232 if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0) 233 return -1; 234 235 return EVP_DigestVerifyFinal(ctx, sigret, siglen); 236 } 237