diff options
author | Matt Caswell <matt@openssl.org> | 2019-09-16 18:14:21 +0200 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-10-03 10:47:12 +0200 |
commit | d8c98d79d1bb1dc3261d9b4fc2bc36074aec88f6 (patch) | |
tree | 832daaa7b81198dffd3b3e1bb08ad2e9e233e0dc /crypto/evp/m_sigver.c | |
parent | Add rc5 ciphers to default provider (diff) | |
download | openssl-d8c98d79d1bb1dc3261d9b4fc2bc36074aec88f6.tar.xz openssl-d8c98d79d1bb1dc3261d9b4fc2bc36074aec88f6.zip |
Add the provider function signatures for DigestSign*
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10013)
Diffstat (limited to 'crypto/evp/m_sigver.c')
-rw-r--r-- | crypto/evp/m_sigver.c | 183 |
1 files changed, 176 insertions, 7 deletions
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 2e179bee27..54c973e0c9 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -13,6 +13,7 @@ #include <openssl/objects.h> #include <openssl/x509.h> #include "crypto/evp.h" +#include "internal/provider.h" #include "evp_local.h" static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) @@ -22,14 +23,109 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) } static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey, - int ver) + const EVP_MD *type, const char *mdname, + const char *props, ENGINE *e, EVP_PKEY *pkey, + EVP_SIGNATURE *signature, int ver) { - if (ctx->pctx == NULL) + EVP_PKEY_CTX *locpctx = NULL; + void *provkey = NULL; + int ret; + + if (ctx->pctx == NULL) { ctx->pctx = EVP_PKEY_CTX_new(pkey, e); - if (ctx->pctx == NULL) - return 0; + if (ctx->pctx == NULL) + return 0; + } else if (pkey != NULL) { + if (!EVP_PKEY_up_ref(pkey)) + return 0; + EVP_PKEY_free(ctx->pctx->pkey); + ctx->pctx->pkey = pkey; + } + locpctx = ctx->pctx; + evp_pkey_ctx_free_old_ops(locpctx); + if (locpctx->pkey == NULL) + goto legacy; + + if (e != NULL || locpctx->engine != NULL) + goto legacy; + + if (signature != NULL) { + if (!EVP_SIGNATURE_up_ref(signature)) + goto err; + } else { + /* + * TODO(3.0): Check for legacy handling. Remove this once all all + * algorithms are moved to providers. + */ + switch (locpctx->pkey->type) { + default: + goto legacy; + } + signature + = EVP_SIGNATURE_fetch(NULL, OBJ_nid2sn(locpctx->pkey->type), NULL); + + if (signature == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + goto err; + } + } + locpctx->operation = ver ? EVP_PKEY_OP_VERIFYCTX + : EVP_PKEY_OP_SIGNCTX; + + locpctx->op.sig.signature = signature; + + locpctx->op.sig.sigprovctx + = signature->newctx(ossl_provider_ctx(signature->prov)); + if (locpctx->op.sig.sigprovctx == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + goto err; + } + provkey = evp_keymgmt_export_to_provider(locpctx->pkey, signature->keymgmt); + if (provkey == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + goto err; + } + + if (mdname == NULL) { + mdname = EVP_MD_name(type); + ctx->reqdigest = type; + } else { + /* + * This might be requested by a later call to EVP_MD_CTX_md(). In that + * case the "explicit fetch" rules apply for that function (as per + * man pages), i.e. the ref count is not updated so the EVP_MD should + * not be used beyound the lifetime of the EVP_MD_CTX. + */ + ctx->reqdigest + = ctx->fetched_digest + = EVP_MD_fetch( + ossl_provider_library_context(EVP_SIGNATURE_provider(signature)), + mdname, props); + } + + if (ver) { + if (signature->digest_verify_init == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + goto err; + } + ret = signature->digest_verify_init(locpctx->op.sig.sigprovctx, mdname, + props, provkey); + } else { + if (signature->digest_sign_init == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + goto err; + } + ret = signature->digest_sign_init(locpctx->op.sig.sigprovctx, mdname, + props, provkey); + } + + return ret ? 1 : 0; + err: + evp_pkey_ctx_free_old_ops(locpctx); + locpctx->operation = EVP_PKEY_OP_UNDEFINED; + return 0; + legacy: if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)) { if (type == NULL) { @@ -85,23 +181,85 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, return 1; } +int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const char *mdname, const char *props, EVP_PKEY *pkey, + EVP_SIGNATURE *signature) +{ + return do_sigver_init(ctx, pctx, NULL, mdname, props, NULL, pkey, signature, + 0); +} + int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) { - return do_sigver_init(ctx, pctx, type, e, pkey, 0); + return do_sigver_init(ctx, pctx, type, NULL, NULL, e, pkey, NULL, 0); +} + +int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const char *mdname, const char *props, + EVP_PKEY *pkey, EVP_SIGNATURE *signature) +{ + return do_sigver_init(ctx, pctx, NULL, mdname, props, NULL, pkey, signature, + 1); } int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) { - return do_sigver_init(ctx, pctx, type, e, pkey, 1); + return do_sigver_init(ctx, pctx, type, NULL, NULL, e, pkey, NULL, 1); +} + +int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) +{ + EVP_PKEY_CTX *pctx = ctx->pctx; + + if (pctx == NULL + || pctx->operation != EVP_PKEY_OP_SIGNCTX + || pctx->op.sig.sigprovctx == NULL + || pctx->op.sig.signature == NULL) + goto legacy; + + return pctx->op.sig.signature->digest_sign_update(pctx->op.sig.sigprovctx, + data, dsize); + + legacy: + return EVP_DigestUpdate(ctx, data, dsize); } +int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) +{ + EVP_PKEY_CTX *pctx = ctx->pctx; + + if (pctx == NULL + || pctx->operation != EVP_PKEY_OP_VERIFYCTX + || pctx->op.sig.sigprovctx == NULL + || pctx->op.sig.signature == NULL) + goto legacy; + + return pctx->op.sig.signature->digest_verify_update(pctx->op.sig.sigprovctx, + data, dsize); + + legacy: + return EVP_DigestUpdate(ctx, data, dsize); +} + + int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen) { int sctx = 0, r = 0; EVP_PKEY_CTX *pctx = ctx->pctx; + + if (pctx == NULL + || pctx->operation != EVP_PKEY_OP_SIGNCTX + || pctx->op.sig.sigprovctx == NULL + || pctx->op.sig.signature == NULL) + goto legacy; + + return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.sigprovctx, + sigret, siglen, SIZE_MAX); + + legacy: if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) { if (!sigret) return pctx->pmeth->signctx(pctx, sigret, siglen, ctx); @@ -177,7 +335,18 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, int r = 0; unsigned int mdlen = 0; int vctx = 0; + EVP_PKEY_CTX *pctx = ctx->pctx; + + if (pctx == NULL + || pctx->operation != EVP_PKEY_OP_VERIFYCTX + || pctx->op.sig.sigprovctx == NULL + || pctx->op.sig.signature == NULL) + goto legacy; + + return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.sigprovctx, + sig, siglen); + legacy: if (ctx->pctx->pmeth->verifyctx) vctx = 1; else |