/*
 * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * EVP_DigestSign and EVP_DigestVerify front ends.
 *
 * Glue between an EVP_MD_CTX and the EVP_PKEY_METHOD of the key held in
 * ctx->pctx. Depending on which hooks the key method provides, the
 * message is either hashed here and handed to EVP_PKEY_sign/verify, or
 * passed through untouched to the method's signctx/verifyctx or one-shot
 * digestsign/digestverify routines.
 */

#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include "crypto/evp.h"
#include "evp_local.h"

/*
 * Replacement for ctx->update installed by do_sigver_init() when the key
 * method only offers a one-shot digestsign/digestverify routine. Any
 * attempt to feed data incrementally (presumably via
 * EVP_DigestSignUpdate/EVP_DigestVerifyUpdate) then fails with
 * EVP_R_ONLY_ONESHOT_SUPPORTED instead of silently hashing the data.
 * The parameters are unused by design.
 */
static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
{
    EVPerr(EVP_F_UPDATE, EVP_R_ONLY_ONESHOT_SUPPORTED);
    return 0;
}

/*
 * Shared body of EVP_DigestSignInit() and EVP_DigestVerifyInit().
 *
 * ctx    digest context to set up. ctx->pctx is created from pkey/e only
 *        when it is still NULL; an existing pctx is reused as-is and pkey
 *        is then only consulted for the default digest lookup.
 * pctx   if non-NULL, receives ctx->pctx (ownership stays with ctx).
 * type   digest to use, or NULL to take the key's default digest. A NULL
 *        type is only tolerated for methods flagged
 *        EVP_PKEY_FLAG_SIGCTX_CUSTOM.
 * e      engine handed to EVP_PKEY_CTX_new() and EVP_DigestInit_ex().
 * pkey   signing or verification key.
 * ver    non-zero to initialise for verification, zero for signing.
 *
 * Returns 1 on success and 0 on failure; where a digest_custom hook
 * exists its result is returned unchanged.
 */
static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                          const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey,
                          int ver)
{
    if (ctx->pctx == NULL)
        ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
    if (ctx->pctx == NULL)
        return 0;

    /*
     * Methods that manage their own signing context choose their own
     * digest; every other method must end up with a concrete EVP_MD.
     */
    if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)) {

        if (type == NULL) {
            int def_nid;
            if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
                type = EVP_get_digestbynid(def_nid);
        }

        if (type == NULL) {
            EVPerr(EVP_F_DO_SIGVER_INIT, EVP_R_NO_DEFAULT_DIGEST);
            return 0;
        }
    }

    /*
     * Hook precedence, identical for both directions:
     *   1. verifyctx_init/signctx_init: the method consumes the message
     *      itself through ctx (operation *CTX);
     *   2. digestverify/digestsign: one-shot only, so ctx->update is
     *      replaced with a routine that rejects incremental input;
     *   3. otherwise the generic EVP_PKEY_verify_init/sign_init path,
     *      where this file hashes the message and signs the digest.
     */
    if (ver) {
        if (ctx->pctx->pmeth->verifyctx_init) {
            if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <= 0)
                return 0;
            ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX;
        } else if (ctx->pctx->pmeth->digestverify != 0) {
            ctx->pctx->operation = EVP_PKEY_OP_VERIFY;
            ctx->update = update;
        } else if (EVP_PKEY_verify_init(ctx->pctx) <= 0) {
            return 0;
        }
    } else {
        if (ctx->pctx->pmeth->signctx_init) {
            if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0)
                return 0;
            ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX;
        } else if (ctx->pctx->pmeth->digestsign != 0) {
            ctx->pctx->operation = EVP_PKEY_OP_SIGN;
            ctx->update = update;
        } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0) {
            return 0;
        }
    }
    /* type can still be NULL here only for SIGCTX_CUSTOM methods. */
    if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0)
        return 0;
    if (pctx)
        *pctx = ctx->pctx;
    /* Custom-context methods never run the local digest at all. */
    if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)
        return 1;
    /*
     * NOTE(review): for a method that took the digestsign/digestverify
     * branch above and still reaches this call, confirm that
     * EVP_DigestInit_ex() does not reinstall the digest's own update
     * routine over the rejecting one set earlier.
     */
    if (!EVP_DigestInit_ex(ctx, type, e))
        return 0;
    /*
     * This indicates the current algorithm requires
     * special treatment before hashing the tbs-message.
     */
    if (ctx->pctx->pmeth->digest_custom != NULL)
        return ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx);

    return 1;
}

/*
 * Initialise ctx for signing with pkey; see do_sigver_init() for the
 * parameter contract. Returns 1 on success, 0 on failure.
 */
int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                       const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
{
    return do_sigver_init(ctx, pctx, type, e, pkey, 0);
}

/*
 * Initialise ctx for verification with pkey; see do_sigver_init() for the
 * parameter contract. Returns 1 on success, 0 on failure.
 */
int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                         const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
{
    return do_sigver_init(ctx, pctx, type, e, pkey, 1);
}

/*
 * Produce the signature for a context set up by EVP_DigestSignInit().
 *
 * ctx     the context; ctx->pctx is dereferenced without a NULL check, so
 *         calling this before a successful Init is a caller bug.
 * sigret  destination buffer, or NULL. With sigret NULL the call is
 *         forwarded with a NULL output, which by EVP convention presumably
 *         only reports the required length through siglen.
 * siglen  passed through to signctx()/EVP_PKEY_sign().
 *
 * Returns 1 on success, 0 on failure. Unless EVP_MD_CTX_FLAG_FINALISE is
 * set, the final step runs on a copy (of the pkey context or of the whole
 * digest context), leaving ctx itself untouched.
 */
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                        size_t *siglen)
{
    int sctx = 0, r = 0;
    EVP_PKEY_CTX *pctx = ctx->pctx;
    /*
     * Custom-context methods: signctx() does all the work. Without the
     * FINALISE flag it is run on a duplicate so ctx->pctx keeps its state.
     */
    if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) {
        if (!sigret)
            return pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
        if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE)
            r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
        else {
            EVP_PKEY_CTX *dctx = EVP_PKEY_CTX_dup(ctx->pctx);
            if (!dctx)
                return 0;
            r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx);
            EVP_PKEY_CTX_free(dctx);
        }
        return r;
    }
    /* sctx: the method finalises the digest context itself via signctx(). */
    if (pctx->pmeth->signctx)
        sctx = 1;
    else
        sctx = 0;
    if (sigret) {
        /* md/mdlen only hold a digest on the !sctx path. */
        unsigned char md[EVP_MAX_MD_SIZE];
        unsigned int mdlen = 0;
        if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
            if (sctx)
                r = ctx->pctx->pmeth->signctx(ctx->pctx, sigret, siglen, ctx);
            else
                r = EVP_DigestFinal_ex(ctx, md, &mdlen);
        } else {
            /* Finalise a copy so ctx can still be used afterwards. */
            EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
            if (tmp_ctx == NULL)
                return 0;
            if (!EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) {
                EVP_MD_CTX_free(tmp_ctx);
                return 0;
            }
            if (sctx)
                r = tmp_ctx->pctx->pmeth->signctx(tmp_ctx->pctx,
                                                  sigret, siglen, tmp_ctx);
            else
                r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen);
            EVP_MD_CTX_free(tmp_ctx);
        }
        /* signctx() already produced the signature, or finalising failed. */
        if (sctx || !r)
            return r;
        if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0)
            return 0;
    } else {
        /*
         * No output buffer: forward the NULL output. On the generic path
         * the digest size stands in for the tbs length, with a NULL tbs.
         */
        if (sctx) {
            if (pctx->pmeth->signctx(pctx, sigret, siglen, ctx) <= 0)
                return 0;
        } else {
            int s = EVP_MD_size(ctx->digest);
            if (s < 0 || EVP_PKEY_sign(pctx, sigret, siglen, NULL, s) <= 0)
                return 0;
        }
    }
    return 1;
}

/*
 * One-shot sign of tbs[0..tbslen). If the key method provides
 * digestsign(), the whole operation is delegated to it; otherwise the data
 * is fed through EVP_DigestSignUpdate() (skipped when sigret is NULL, since
 * only the length is wanted then) and EVP_DigestSignFinal() finishes.
 * Returns 1 on success, 0 on failure.
 */
int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
                   const unsigned char *tbs, size_t tbslen)
{
    if (ctx->pctx->pmeth->digestsign != NULL)
        return ctx->pctx->pmeth->digestsign(ctx, sigret, siglen, tbs, tbslen);
    if (sigret != NULL && EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0)
        return 0;
    return EVP_DigestSignFinal(ctx, sigret, siglen);
}

/*
 * Check sig[0..siglen) against a context set up by EVP_DigestVerifyInit().
 *
 * Three-way result: 1 for a valid signature, 0 for an invalid one, and a
 * negative value for other failures (-1 for the allocation/copy errors
 * here; EVP_PKEY_verify()'s own result is returned unchanged). Callers
 * must therefore test for exactly 1. Note that a failing
 * EVP_DigestFinal_ex() also yields 0 from this function, which is not
 * distinguishable from a bad signature.
 *
 * As in EVP_DigestSignFinal(), ctx->pctx is assumed to be set and, unless
 * EVP_MD_CTX_FLAG_FINALISE is set, the digest is finalised on a copy.
 */
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
                          size_t siglen)
{
    unsigned char md[EVP_MAX_MD_SIZE];
    int r = 0;
    unsigned int mdlen = 0;
    int vctx = 0;

    /* vctx: the method consumes the digest context itself via verifyctx(). */
    if (ctx->pctx->pmeth->verifyctx)
        vctx = 1;
    else
        vctx = 0;
    if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
        if (vctx)
            r = ctx->pctx->pmeth->verifyctx(ctx->pctx, sig, siglen, ctx);
        else
            r = EVP_DigestFinal_ex(ctx, md, &mdlen);
    } else {
        EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
        if (tmp_ctx == NULL)
            return -1;
        if (!EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) {
            EVP_MD_CTX_free(tmp_ctx);
            return -1;
        }
        if (vctx)
            r = tmp_ctx->pctx->pmeth->verifyctx(tmp_ctx->pctx,
                                                sig, siglen, tmp_ctx);
        else
            r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen);
        EVP_MD_CTX_free(tmp_ctx);
    }
    /* verifyctx() already gave the verdict, or finalising failed (r == 0). */
    if (vctx || !r)
        return r;
    return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen);
}

/*
 * One-shot verify of sigret[0..siglen) (despite the name, sigret is the
 * input signature) over tbs[0..tbslen). Delegates to the key method's
 * digestverify() when present; otherwise feeds tbs through
 * EVP_DigestVerifyUpdate() and finishes with EVP_DigestVerifyFinal(),
 * whose three-way result (1 valid, 0 invalid, negative error) is returned.
 * An update failure is reported as -1.
 */
int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                     size_t siglen, const unsigned char *tbs, size_t tbslen)
{
    if (ctx->pctx->pmeth->digestverify != NULL)
        return ctx->pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen);
    if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0)
        return -1;
    return EVP_DigestVerifyFinal(ctx, sigret, siglen);
}