signature.c@ 97371

最後變更在這個檔案從97371是 94320,由 vboxsync 提交於 3 年前
libs/openssl-3.0.1: Export to OSE and fix copyright headers in Makefiles, bugref:10128
檔案大小: 25.0 KB

行
1	/*
2	* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#include <stdio.h>
11	#include <stdlib.h>
12	#include <openssl/objects.h>
13	#include <openssl/evp.h>
14	#include "internal/numbers.h" /* includes SIZE_MAX */
15	#include "internal/cryptlib.h"
16	#include "internal/provider.h"
17	#include "internal/core.h"
18	#include "crypto/evp.h"
19	#include "evp_local.h"
20
21	static EVP_SIGNATURE evp_signature_new(OSSL_PROVIDER prov)
22	{
23	EVP_SIGNATURE *signature = OPENSSL_zalloc(sizeof(EVP_SIGNATURE));
24
25	if (signature == NULL) {
26	ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
27	return NULL;
28	}
29
30	signature->lock = CRYPTO_THREAD_lock_new();
31	if (signature->lock == NULL) {
32	ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
33	OPENSSL_free(signature);
34	return NULL;
35	}
36	signature->prov = prov;
37	ossl_provider_up_ref(prov);
38	signature->refcnt = 1;
39
40	return signature;
41	}
42
43	static void *evp_signature_from_algorithm(int name_id,
44	const OSSL_ALGORITHM *algodef,
45	OSSL_PROVIDER *prov)
46	{
47	const OSSL_DISPATCH *fns = algodef->implementation;
48	EVP_SIGNATURE *signature = NULL;
49	int ctxfncnt = 0, signfncnt = 0, verifyfncnt = 0, verifyrecfncnt = 0;
50	int digsignfncnt = 0, digverifyfncnt = 0;
51	int gparamfncnt = 0, sparamfncnt = 0, gmdparamfncnt = 0, smdparamfncnt = 0;
52
53	if ((signature = evp_signature_new(prov)) == NULL) {
54	ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
55	goto err;
56	}
57
58	signature->name_id = name_id;
59	if ((signature->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL)
60	goto err;
61	signature->description = algodef->algorithm_description;
62
63	for (; fns->function_id != 0; fns++) {
64	switch (fns->function_id) {
65	case OSSL_FUNC_SIGNATURE_NEWCTX:
66	if (signature->newctx != NULL)
67	break;
68	signature->newctx = OSSL_FUNC_signature_newctx(fns);
69	ctxfncnt++;
70	break;
71	case OSSL_FUNC_SIGNATURE_SIGN_INIT:
72	if (signature->sign_init != NULL)
73	break;
74	signature->sign_init = OSSL_FUNC_signature_sign_init(fns);
75	signfncnt++;
76	break;
77	case OSSL_FUNC_SIGNATURE_SIGN:
78	if (signature->sign != NULL)
79	break;
80	signature->sign = OSSL_FUNC_signature_sign(fns);
81	signfncnt++;
82	break;
83	case OSSL_FUNC_SIGNATURE_VERIFY_INIT:
84	if (signature->verify_init != NULL)
85	break;
86	signature->verify_init = OSSL_FUNC_signature_verify_init(fns);
87	verifyfncnt++;
88	break;
89	case OSSL_FUNC_SIGNATURE_VERIFY:
90	if (signature->verify != NULL)
91	break;
92	signature->verify = OSSL_FUNC_signature_verify(fns);
93	verifyfncnt++;
94	break;
95	case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT:
96	if (signature->verify_recover_init != NULL)
97	break;
98	signature->verify_recover_init
99	= OSSL_FUNC_signature_verify_recover_init(fns);
100	verifyrecfncnt++;
101	break;
102	case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER:
103	if (signature->verify_recover != NULL)
104	break;
105	signature->verify_recover
106	= OSSL_FUNC_signature_verify_recover(fns);
107	verifyrecfncnt++;
108	break;
109	case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT:
110	if (signature->digest_sign_init != NULL)
111	break;
112	signature->digest_sign_init
113	= OSSL_FUNC_signature_digest_sign_init(fns);
114	break;
115	case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE:
116	if (signature->digest_sign_update != NULL)
117	break;
118	signature->digest_sign_update
119	= OSSL_FUNC_signature_digest_sign_update(fns);
120	digsignfncnt++;
121	break;
122	case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL:
123	if (signature->digest_sign_final != NULL)
124	break;
125	signature->digest_sign_final
126	= OSSL_FUNC_signature_digest_sign_final(fns);
127	digsignfncnt++;
128	break;
129	case OSSL_FUNC_SIGNATURE_DIGEST_SIGN:
130	if (signature->digest_sign != NULL)
131	break;
132	signature->digest_sign
133	= OSSL_FUNC_signature_digest_sign(fns);
134	break;
135	case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT:
136	if (signature->digest_verify_init != NULL)
137	break;
138	signature->digest_verify_init
139	= OSSL_FUNC_signature_digest_verify_init(fns);
140	break;
141	case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE:
142	if (signature->digest_verify_update != NULL)
143	break;
144	signature->digest_verify_update
145	= OSSL_FUNC_signature_digest_verify_update(fns);
146	digverifyfncnt++;
147	break;
148	case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL:
149	if (signature->digest_verify_final != NULL)
150	break;
151	signature->digest_verify_final
152	= OSSL_FUNC_signature_digest_verify_final(fns);
153	digverifyfncnt++;
154	break;
155	case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY:
156	if (signature->digest_verify != NULL)
157	break;
158	signature->digest_verify
159	= OSSL_FUNC_signature_digest_verify(fns);
160	break;
161	case OSSL_FUNC_SIGNATURE_FREECTX:
162	if (signature->freectx != NULL)
163	break;
164	signature->freectx = OSSL_FUNC_signature_freectx(fns);
165	ctxfncnt++;
166	break;
167	case OSSL_FUNC_SIGNATURE_DUPCTX:
168	if (signature->dupctx != NULL)
169	break;
170	signature->dupctx = OSSL_FUNC_signature_dupctx(fns);
171	break;
172	case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS:
173	if (signature->get_ctx_params != NULL)
174	break;
175	signature->get_ctx_params
176	= OSSL_FUNC_signature_get_ctx_params(fns);
177	gparamfncnt++;
178	break;
179	case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS:
180	if (signature->gettable_ctx_params != NULL)
181	break;
182	signature->gettable_ctx_params
183	= OSSL_FUNC_signature_gettable_ctx_params(fns);
184	gparamfncnt++;
185	break;
186	case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS:
187	if (signature->set_ctx_params != NULL)
188	break;
189	signature->set_ctx_params
190	= OSSL_FUNC_signature_set_ctx_params(fns);
191	sparamfncnt++;
192	break;
193	case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS:
194	if (signature->settable_ctx_params != NULL)
195	break;
196	signature->settable_ctx_params
197	= OSSL_FUNC_signature_settable_ctx_params(fns);
198	sparamfncnt++;
199	break;
200	case OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS:
201	if (signature->get_ctx_md_params != NULL)
202	break;
203	signature->get_ctx_md_params
204	= OSSL_FUNC_signature_get_ctx_md_params(fns);
205	gmdparamfncnt++;
206	break;
207	case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS:
208	if (signature->gettable_ctx_md_params != NULL)
209	break;
210	signature->gettable_ctx_md_params
211	= OSSL_FUNC_signature_gettable_ctx_md_params(fns);
212	gmdparamfncnt++;
213	break;
214	case OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS:
215	if (signature->set_ctx_md_params != NULL)
216	break;
217	signature->set_ctx_md_params
218	= OSSL_FUNC_signature_set_ctx_md_params(fns);
219	smdparamfncnt++;
220	break;
221	case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS:
222	if (signature->settable_ctx_md_params != NULL)
223	break;
224	signature->settable_ctx_md_params
225	= OSSL_FUNC_signature_settable_ctx_md_params(fns);
226	smdparamfncnt++;
227	break;
228	}
229	}
230	if (ctxfncnt != 2
231	\|\| (signfncnt == 0
232	&& verifyfncnt == 0
233	&& verifyrecfncnt == 0
234	&& digsignfncnt == 0
235	&& digverifyfncnt == 0
236	&& signature->digest_sign == NULL
237	&& signature->digest_verify == NULL)
238	\|\| (signfncnt != 0 && signfncnt != 2)
239	\|\| (verifyfncnt != 0 && verifyfncnt != 2)
240	\|\| (verifyrecfncnt != 0 && verifyrecfncnt != 2)
241	\|\| (digsignfncnt != 0 && digsignfncnt != 2)
242	\|\| (digsignfncnt == 2 && signature->digest_sign_init == NULL)
243	\|\| (digverifyfncnt != 0 && digverifyfncnt != 2)
244	\|\| (digverifyfncnt == 2 && signature->digest_verify_init == NULL)
245	\|\| (signature->digest_sign != NULL
246	&& signature->digest_sign_init == NULL)
247	\|\| (signature->digest_verify != NULL
248	&& signature->digest_verify_init == NULL)
249	\|\| (gparamfncnt != 0 && gparamfncnt != 2)
250	\|\| (sparamfncnt != 0 && sparamfncnt != 2)
251	\|\| (gmdparamfncnt != 0 && gmdparamfncnt != 2)
252	\|\| (smdparamfncnt != 0 && smdparamfncnt != 2)) {
253	/*
254	* In order to be a consistent set of functions we must have at least
255	* a set of context functions (newctx and freectx) as well as a set of
256	* "signature" functions:
257	* (sign_init, sign) or
258	* (verify_init verify) or
259	* (verify_recover_init, verify_recover) or
260	* (digest_sign_init, digest_sign_update, digest_sign_final) or
261	* (digest_verify_init, digest_verify_update, digest_verify_final) or
262	* (digest_sign_init, digest_sign) or
263	* (digest_verify_init, digest_verify).
264	*
265	* set_ctx_params and settable_ctx_params are optional, but if one of
266	* them is present then the other one must also be present. The same
267	* applies to get_ctx_params and gettable_ctx_params. The same rules
268	* apply to the "md_params" functions. The dupctx function is optional.
269	*/
270	ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
271	goto err;
272	}
273
274	return signature;
275	err:
276	EVP_SIGNATURE_free(signature);
277	return NULL;
278	}
279
280	void EVP_SIGNATURE_free(EVP_SIGNATURE *signature)
281	{
282	int i;
283
284	if (signature == NULL)
285	return;
286	CRYPTO_DOWN_REF(&signature->refcnt, &i, signature->lock);
287	if (i > 0)
288	return;
289	OPENSSL_free(signature->type_name);
290	ossl_provider_free(signature->prov);
291	CRYPTO_THREAD_lock_free(signature->lock);
292	OPENSSL_free(signature);
293	}
294
295	int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature)
296	{
297	int ref = 0;
298
299	CRYPTO_UP_REF(&signature->refcnt, &ref, signature->lock);
300	return 1;
301	}
302
303	OSSL_PROVIDER EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE signature)
304	{
305	return signature->prov;
306	}
307
308	EVP_SIGNATURE EVP_SIGNATURE_fetch(OSSL_LIB_CTX ctx, const char *algorithm,
309	const char *properties)
310	{
311	return evp_generic_fetch(ctx, OSSL_OP_SIGNATURE, algorithm, properties,
312	evp_signature_from_algorithm,
313	(int ()(void ))EVP_SIGNATURE_up_ref,
314	(void ()(void ))EVP_SIGNATURE_free);
315	}
316
317	EVP_SIGNATURE evp_signature_fetch_from_prov(OSSL_PROVIDER prov,
318	const char *algorithm,
319	const char *properties)
320	{
321	return evp_generic_fetch_from_prov(prov, OSSL_OP_SIGNATURE,
322	algorithm, properties,
323	evp_signature_from_algorithm,
324	(int ()(void ))EVP_SIGNATURE_up_ref,
325	(void ()(void ))EVP_SIGNATURE_free);
326	}
327
328	int EVP_SIGNATURE_is_a(const EVP_SIGNATURE signature, const char name)
329	{
330	return evp_is_a(signature->prov, signature->name_id, NULL, name);
331	}
332
333	int evp_signature_get_number(const EVP_SIGNATURE *signature)
334	{
335	return signature->name_id;
336	}
337
338	const char EVP_SIGNATURE_get0_name(const EVP_SIGNATURE signature)
339	{
340	return signature->type_name;
341	}
342
343	const char EVP_SIGNATURE_get0_description(const EVP_SIGNATURE signature)
344	{
345	return signature->description;
346	}
347
348	void EVP_SIGNATURE_do_all_provided(OSSL_LIB_CTX *libctx,
349	void (fn)(EVP_SIGNATURE signature,
350	void *arg),
351	void *arg)
352	{
353	evp_generic_do_all(libctx, OSSL_OP_SIGNATURE,
354	(void ()(void , void *))fn, arg,
355	evp_signature_from_algorithm,
356	(int ()(void ))EVP_SIGNATURE_up_ref,
357	(void ()(void ))EVP_SIGNATURE_free);
358	}
359
360
361	int EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature,
362	void (fn)(const char name, void *data),
363	void *data)
364	{
365	if (signature->prov != NULL)
366	return evp_names_do_all(signature->prov, signature->name_id, fn, data);
367
368	return 1;
369	}
370
371	const OSSL_PARAM EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE sig)
372	{
373	void *provctx;
374
375	if (sig == NULL \|\| sig->gettable_ctx_params == NULL)
376	return NULL;
377
378	provctx = ossl_provider_ctx(EVP_SIGNATURE_get0_provider(sig));
379	return sig->gettable_ctx_params(NULL, provctx);
380	}
381
382	const OSSL_PARAM EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE sig)
383	{
384	void *provctx;
385
386	if (sig == NULL \|\| sig->settable_ctx_params == NULL)
387	return NULL;
388
389	provctx = ossl_provider_ctx(EVP_SIGNATURE_get0_provider(sig));
390	return sig->settable_ctx_params(NULL, provctx);
391	}
392
393	static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation,
394	const OSSL_PARAM params[])
395	{
396	int ret = 0;
397	void *provkey = NULL;
398	EVP_SIGNATURE *signature = NULL;
399	EVP_KEYMGMT *tmp_keymgmt = NULL;
400	const OSSL_PROVIDER *tmp_prov = NULL;
401	const char *supported_sig = NULL;
402	int iter;
403
404	if (ctx == NULL) {
405	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
406	return -2;
407	}
408
409	evp_pkey_ctx_free_old_ops(ctx);
410	ctx->operation = operation;
411
412	ERR_set_mark();
413
414	if (evp_pkey_ctx_is_legacy(ctx))
415	goto legacy;
416
417	if (ctx->pkey == NULL) {
418	ERR_clear_last_mark();
419	ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
420	goto err;
421	}
422
423	/*
424	* Try to derive the supported signature from \|ctx->keymgmt\|.
425	*/
426	if (!ossl_assert(ctx->pkey->keymgmt == NULL
427	\|\| ctx->pkey->keymgmt == ctx->keymgmt)) {
428	ERR_clear_last_mark();
429	ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
430	goto err;
431	}
432	supported_sig = evp_keymgmt_util_query_operation_name(ctx->keymgmt,
433	OSSL_OP_SIGNATURE);
434	if (supported_sig == NULL) {
435	ERR_clear_last_mark();
436	ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
437	goto err;
438	}
439
440	/*
441	* We perform two iterations:
442	*
443	* 1. Do the normal signature fetch, using the fetching data given by
444	* the EVP_PKEY_CTX.
445	* 2. Do the provider specific signature fetch, from the same provider
446	* as \|ctx->keymgmt\|
447	*
448	* We then try to fetch the keymgmt from the same provider as the
449	* signature, and try to export \|ctx->pkey\| to that keymgmt (when
450	* this keymgmt happens to be the same as \|ctx->keymgmt\|, the export
451	* is a no-op, but we call it anyway to not complicate the code even
452	* more).
453	* If the export call succeeds (returns a non-NULL provider key pointer),
454	* we're done and can perform the operation itself. If not, we perform
455	* the second iteration, or jump to legacy.
456	*/
457	for (iter = 1; iter < 3 && provkey == NULL; iter++) {
458	EVP_KEYMGMT *tmp_keymgmt_tofree = NULL;
459
460	/*
461	* If we're on the second iteration, free the results from the first.
462	* They are NULL on the first iteration, so no need to check what
463	* iteration we're on.
464	*/
465	EVP_SIGNATURE_free(signature);
466	EVP_KEYMGMT_free(tmp_keymgmt);
467
468	switch (iter) {
469	case 1:
470	signature =
471	EVP_SIGNATURE_fetch(ctx->libctx, supported_sig, ctx->propquery);
472	if (signature != NULL)
473	tmp_prov = EVP_SIGNATURE_get0_provider(signature);
474	break;
475	case 2:
476	tmp_prov = EVP_KEYMGMT_get0_provider(ctx->keymgmt);
477	signature =
478	evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
479	supported_sig, ctx->propquery);
480	if (signature == NULL)
481	goto legacy;
482	break;
483	}
484	if (signature == NULL)
485	continue;
486
487	/*
488	* Ensure that the key is provided, either natively, or as a cached
489	* export. We start by fetching the keymgmt with the same name as
490	* \|ctx->pkey\|, but from the provider of the signature method, using
491	* the same property query as when fetching the signature method.
492	* With the keymgmt we found (if we did), we try to export \|ctx->pkey\|
493	* to it (evp_pkey_export_to_provider() is smart enough to only actually
494
495	* export it if \|tmp_keymgmt\| is different from \|ctx->pkey\|'s keymgmt)
496	*/
497	tmp_keymgmt_tofree = tmp_keymgmt =
498	evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
499	EVP_KEYMGMT_get0_name(ctx->keymgmt),
500	ctx->propquery);
501	if (tmp_keymgmt != NULL)
502	provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
503	&tmp_keymgmt, ctx->propquery);
504	if (tmp_keymgmt == NULL)
505	EVP_KEYMGMT_free(tmp_keymgmt_tofree);
506	}
507
508	if (provkey == NULL) {
509	EVP_SIGNATURE_free(signature);
510	goto legacy;
511	}
512
513	ERR_pop_to_mark();
514
515	/* No more legacy from here down to legacy: */
516
517	ctx->op.sig.signature = signature;
518	ctx->op.sig.algctx =
519	signature->newctx(ossl_provider_ctx(signature->prov), ctx->propquery);
520	if (ctx->op.sig.algctx == NULL) {
521	/* The provider key can stay in the cache */
522	ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
523	goto err;
524	}
525
526	switch (operation) {
527	case EVP_PKEY_OP_SIGN:
528	if (signature->sign_init == NULL) {
529	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
530	ret = -2;
531	goto err;
532	}
533	ret = signature->sign_init(ctx->op.sig.algctx, provkey, params);
534	break;
535	case EVP_PKEY_OP_VERIFY:
536	if (signature->verify_init == NULL) {
537	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
538	ret = -2;
539	goto err;
540	}
541	ret = signature->verify_init(ctx->op.sig.algctx, provkey, params);
542	break;
543	case EVP_PKEY_OP_VERIFYRECOVER:
544	if (signature->verify_recover_init == NULL) {
545	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
546	ret = -2;
547	goto err;
548	}
549	ret = signature->verify_recover_init(ctx->op.sig.algctx, provkey,
550	params);
551	break;
552	default:
553	ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
554	goto err;
555	}
556
557	if (ret <= 0) {
558	signature->freectx(ctx->op.sig.algctx);
559	ctx->op.sig.algctx = NULL;
560	goto err;
561	}
562	goto end;
563
564	legacy:
565	/*
566	* If we don't have the full support we need with provided methods,
567	* let's go see if legacy does.
568	*/
569	ERR_pop_to_mark();
570	EVP_KEYMGMT_free(tmp_keymgmt);
571	tmp_keymgmt = NULL;
572
573	if (ctx->pmeth == NULL
574	\|\| (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL)
575	\|\| (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL)
576	\|\| (operation == EVP_PKEY_OP_VERIFYRECOVER
577	&& ctx->pmeth->verify_recover == NULL)) {
578	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
579	return -2;
580	}
581
582	switch (operation) {
583	case EVP_PKEY_OP_SIGN:
584	if (ctx->pmeth->sign_init == NULL)
585	return 1;
586	ret = ctx->pmeth->sign_init(ctx);
587	break;
588	case EVP_PKEY_OP_VERIFY:
589	if (ctx->pmeth->verify_init == NULL)
590	return 1;
591	ret = ctx->pmeth->verify_init(ctx);
592	break;
593	case EVP_PKEY_OP_VERIFYRECOVER:
594	if (ctx->pmeth->verify_recover_init == NULL)
595	return 1;
596	ret = ctx->pmeth->verify_recover_init(ctx);
597	break;
598	default:
599	ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
600	goto err;
601	}
602	if (ret <= 0)
603	goto err;
604	end:
605	#ifndef FIPS_MODULE
606	if (ret > 0)
607	ret = evp_pkey_ctx_use_cached_data(ctx);
608	#endif
609
610	EVP_KEYMGMT_free(tmp_keymgmt);
611	return ret;
612	err:
613	evp_pkey_ctx_free_old_ops(ctx);
614	ctx->operation = EVP_PKEY_OP_UNDEFINED;
615	EVP_KEYMGMT_free(tmp_keymgmt);
616	return ret;
617	}
618
619	int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
620	{
621	return evp_pkey_signature_init(ctx, EVP_PKEY_OP_SIGN, NULL);
622	}
623
624	int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
625	{
626	return evp_pkey_signature_init(ctx, EVP_PKEY_OP_SIGN, params);
627	}
628
629	int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
630	unsigned char sig, size_t siglen,
631	const unsigned char *tbs, size_t tbslen)
632	{
633	int ret;
634
635	if (ctx == NULL) {
636	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
637	return -2;
638	}
639
640	if (ctx->operation != EVP_PKEY_OP_SIGN) {
641	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
642	return -1;
643	}
644
645	if (ctx->op.sig.algctx == NULL)
646	goto legacy;
647
648	ret = ctx->op.sig.signature->sign(ctx->op.sig.algctx, sig, siglen,
649	(sig == NULL) ? 0 : *siglen, tbs, tbslen);
650
651	return ret;
652	legacy:
653
654	if (ctx->pmeth == NULL \|\| ctx->pmeth->sign == NULL) {
655	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
656	return -2;
657	}
658
659	M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
660	return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
661	}
662
663	int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
664	{
665	return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFY, NULL);
666	}
667
668	int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
669	{
670	return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFY, params);
671	}
672
673	int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
674	const unsigned char *sig, size_t siglen,
675	const unsigned char *tbs, size_t tbslen)
676	{
677	int ret;
678
679	if (ctx == NULL) {
680	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
681	return -2;
682	}
683
684	if (ctx->operation != EVP_PKEY_OP_VERIFY) {
685	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
686	return -1;
687	}
688
689	if (ctx->op.sig.algctx == NULL)
690	goto legacy;
691
692	ret = ctx->op.sig.signature->verify(ctx->op.sig.algctx, sig, siglen,
693	tbs, tbslen);
694
695	return ret;
696	legacy:
697	if (ctx->pmeth == NULL \|\| ctx->pmeth->verify == NULL) {
698	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
699	return -2;
700	}
701
702	return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
703	}
704
705	int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
706	{
707	return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER, NULL);
708	}
709
710	int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx,
711	const OSSL_PARAM params[])
712	{
713	return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER, params);
714	}
715
716	int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
717	unsigned char rout, size_t routlen,
718	const unsigned char *sig, size_t siglen)
719	{
720	int ret;
721
722	if (ctx == NULL) {
723	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
724	return -2;
725	}
726
727	if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
728	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
729	return -1;
730	}
731
732	if (ctx->op.sig.algctx == NULL)
733	goto legacy;
734
735	ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.algctx, rout,
736	routlen,
737	(rout == NULL ? 0 : *routlen),
738	sig, siglen);
739	return ret;
740	legacy:
741	if (ctx->pmeth == NULL \|\| ctx->pmeth->verify_recover == NULL) {
742	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
743	return -2;
744	}
745	M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
746	return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
747	}

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

source: vbox/trunk/src/libs/openssl-3.0.7/crypto/evp/signature.c@ 97371

以其他格式下載: