if (ctx == NULL)
return;
- if (ctx->digest == NULL || ctx->digest->prov == NULL)
- goto legacy;
-
EVP_MD_CTX_reset(ctx);
EVP_MD_free(ctx->fetched_digest);
OPENSSL_free(ctx);
return;
-
- /* TODO(3.0): Remove legacy code below */
- legacy:
- EVP_MD_CTX_reset(ctx);
- OPENSSL_free(ctx);
}
int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
OSSL_OP_signature_verify_fn *verify;
OSSL_OP_signature_verify_recover_init_fn *verify_recover_init;
OSSL_OP_signature_verify_recover_fn *verify_recover;
+ OSSL_OP_signature_digest_sign_init_fn *digest_sign_init;
+ OSSL_OP_signature_digest_sign_update_fn *digest_sign_update;
+ OSSL_OP_signature_digest_sign_final_fn *digest_sign_final;
+ OSSL_OP_signature_digest_verify_init_fn *digest_verify_init;
+ OSSL_OP_signature_digest_verify_update_fn *digest_verify_update;
+ OSSL_OP_signature_digest_verify_final_fn *digest_verify_final;
OSSL_OP_signature_freectx_fn *freectx;
OSSL_OP_signature_dupctx_fn *dupctx;
OSSL_OP_signature_get_ctx_params_fn *get_ctx_params;
OSSL_OP_signature_gettable_ctx_params_fn *gettable_ctx_params;
OSSL_OP_signature_set_ctx_params_fn *set_ctx_params;
OSSL_OP_signature_settable_ctx_params_fn *settable_ctx_params;
+ OSSL_OP_signature_get_ctx_md_params_fn *get_ctx_md_params;
+ OSSL_OP_signature_gettable_ctx_md_params_fn *gettable_ctx_md_params;
+ OSSL_OP_signature_set_ctx_md_params_fn *set_ctx_md_params;
+ OSSL_OP_signature_settable_ctx_md_params_fn *settable_ctx_md_params;
} /* EVP_SIGNATURE */;
int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
#include <openssl/objects.h>
#include <openssl/x509.h>
#include "crypto/evp.h"
+#include "internal/provider.h"
#include "evp_local.h"
static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
}
static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey,
- int ver)
+ const EVP_MD *type, const char *mdname,
+ const char *props, ENGINE *e, EVP_PKEY *pkey,
+ EVP_SIGNATURE *signature, int ver)
{
- if (ctx->pctx == NULL)
+ EVP_PKEY_CTX *locpctx = NULL;
+ void *provkey = NULL;
+ int ret;
+
+ if (ctx->pctx == NULL) {
ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
- if (ctx->pctx == NULL)
- return 0;
+ if (ctx->pctx == NULL)
+ return 0;
+ } else if (pkey != NULL) {
+ if (!EVP_PKEY_up_ref(pkey))
+ return 0;
+ EVP_PKEY_free(ctx->pctx->pkey);
+ ctx->pctx->pkey = pkey;
+ }
+ locpctx = ctx->pctx;
+ evp_pkey_ctx_free_old_ops(locpctx);
+ if (locpctx->pkey == NULL)
+ goto legacy;
+
+ if (e != NULL || locpctx->engine != NULL)
+ goto legacy;
+
+ if (signature != NULL) {
+ if (!EVP_SIGNATURE_up_ref(signature))
+ goto err;
+ } else {
+ /*
+ * TODO(3.0): Check for legacy handling. Remove this once all all
+ * algorithms are moved to providers.
+ */
+ switch (locpctx->pkey->type) {
+ default:
+ goto legacy;
+ }
+ signature
+ = EVP_SIGNATURE_fetch(NULL, OBJ_nid2sn(locpctx->pkey->type), NULL);
+
+ if (signature == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+ goto err;
+ }
+ }
+ locpctx->operation = ver ? EVP_PKEY_OP_VERIFYCTX
+ : EVP_PKEY_OP_SIGNCTX;
+
+ locpctx->op.sig.signature = signature;
+
+ locpctx->op.sig.sigprovctx
+ = signature->newctx(ossl_provider_ctx(signature->prov));
+ if (locpctx->op.sig.sigprovctx == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+ goto err;
+ }
+ provkey = evp_keymgmt_export_to_provider(locpctx->pkey, signature->keymgmt);
+ if (provkey == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+ goto err;
+ }
+
+ if (mdname == NULL) {
+ mdname = EVP_MD_name(type);
+ ctx->reqdigest = type;
+ } else {
+ /*
+ * This might be requested by a later call to EVP_MD_CTX_md(). In that
+ * case the "explicit fetch" rules apply for that function (as per
+ * man pages), i.e. the ref count is not updated so the EVP_MD should
+ * not be used beyound the lifetime of the EVP_MD_CTX.
+ */
+ ctx->reqdigest
+ = ctx->fetched_digest
+ = EVP_MD_fetch(
+ ossl_provider_library_context(EVP_SIGNATURE_provider(signature)),
+ mdname, props);
+ }
+
+ if (ver) {
+ if (signature->digest_verify_init == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+ goto err;
+ }
+ ret = signature->digest_verify_init(locpctx->op.sig.sigprovctx, mdname,
+ props, provkey);
+ } else {
+ if (signature->digest_sign_init == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+ goto err;
+ }
+ ret = signature->digest_sign_init(locpctx->op.sig.sigprovctx, mdname,
+ props, provkey);
+ }
+
+ return ret ? 1 : 0;
+ err:
+ evp_pkey_ctx_free_old_ops(locpctx);
+ locpctx->operation = EVP_PKEY_OP_UNDEFINED;
+ return 0;
+ legacy:
if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)) {
if (type == NULL) {
return 1;
}
+int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+ const char *mdname, const char *props, EVP_PKEY *pkey,
+ EVP_SIGNATURE *signature)
+{
+ return do_sigver_init(ctx, pctx, NULL, mdname, props, NULL, pkey, signature,
+ 0);
+}
+
int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
{
- return do_sigver_init(ctx, pctx, type, e, pkey, 0);
+ return do_sigver_init(ctx, pctx, type, NULL, NULL, e, pkey, NULL, 0);
+}
+
+int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+ const char *mdname, const char *props,
+ EVP_PKEY *pkey, EVP_SIGNATURE *signature)
+{
+ return do_sigver_init(ctx, pctx, NULL, mdname, props, NULL, pkey, signature,
+ 1);
}
int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
{
- return do_sigver_init(ctx, pctx, type, e, pkey, 1);
+ return do_sigver_init(ctx, pctx, type, NULL, NULL, e, pkey, NULL, 1);
+}
+
+int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
+{
+ EVP_PKEY_CTX *pctx = ctx->pctx;
+
+ if (pctx == NULL
+ || pctx->operation != EVP_PKEY_OP_SIGNCTX
+ || pctx->op.sig.sigprovctx == NULL
+ || pctx->op.sig.signature == NULL)
+ goto legacy;
+
+ return pctx->op.sig.signature->digest_sign_update(pctx->op.sig.sigprovctx,
+ data, dsize);
+
+ legacy:
+ return EVP_DigestUpdate(ctx, data, dsize);
}
+int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
+{
+ EVP_PKEY_CTX *pctx = ctx->pctx;
+
+ if (pctx == NULL
+ || pctx->operation != EVP_PKEY_OP_VERIFYCTX
+ || pctx->op.sig.sigprovctx == NULL
+ || pctx->op.sig.signature == NULL)
+ goto legacy;
+
+ return pctx->op.sig.signature->digest_verify_update(pctx->op.sig.sigprovctx,
+ data, dsize);
+
+ legacy:
+ return EVP_DigestUpdate(ctx, data, dsize);
+}
+
+
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
size_t *siglen)
{
int sctx = 0, r = 0;
EVP_PKEY_CTX *pctx = ctx->pctx;
+
+ if (pctx == NULL
+ || pctx->operation != EVP_PKEY_OP_SIGNCTX
+ || pctx->op.sig.sigprovctx == NULL
+ || pctx->op.sig.signature == NULL)
+ goto legacy;
+
+ return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.sigprovctx,
+ sigret, siglen, SIZE_MAX);
+
+ legacy:
if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) {
if (!sigret)
return pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
int r = 0;
unsigned int mdlen = 0;
int vctx = 0;
+ EVP_PKEY_CTX *pctx = ctx->pctx;
+
+ if (pctx == NULL
+ || pctx->operation != EVP_PKEY_OP_VERIFYCTX
+ || pctx->op.sig.sigprovctx == NULL
+ || pctx->op.sig.signature == NULL)
+ goto legacy;
+
+ return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.sigprovctx,
+ sig, siglen);
+ legacy:
if (ctx->pctx->pmeth->verifyctx)
vctx = 1;
else
keymgmt_data->properties);
EVP_SIGNATURE *signature = NULL;
int ctxfncnt = 0, signfncnt = 0, verifyfncnt = 0, verifyrecfncnt = 0;
- int gparamfncnt = 0, sparamfncnt = 0;
+ int digsignfncnt = 0, digverifyfncnt = 0;
+ int gparamfncnt = 0, sparamfncnt = 0, gmdparamfncnt = 0, smdparamfncnt = 0;
if (keymgmt == NULL || EVP_KEYMGMT_provider(keymgmt) != prov) {
ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEYMGMT_AVAILABLE);
= OSSL_get_OP_signature_verify_recover(fns);
verifyrecfncnt++;
break;
+ case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT:
+ if (signature->digest_sign_init != NULL)
+ break;
+ signature->digest_sign_init
+ = OSSL_get_OP_signature_digest_sign_init(fns);
+ digsignfncnt++;
+ break;
+ case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE:
+ if (signature->digest_sign_update != NULL)
+ break;
+ signature->digest_sign_update
+ = OSSL_get_OP_signature_digest_sign_update(fns);
+ digsignfncnt++;
+ break;
+ case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL:
+ if (signature->digest_sign_final != NULL)
+ break;
+ signature->digest_sign_final
+ = OSSL_get_OP_signature_digest_sign_final(fns);
+ digsignfncnt++;
+ break;
+ case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT:
+ if (signature->digest_verify_init != NULL)
+ break;
+ signature->digest_verify_init
+ = OSSL_get_OP_signature_digest_verify_init(fns);
+ digverifyfncnt++;
+ break;
+ case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE:
+ if (signature->digest_verify_update != NULL)
+ break;
+ signature->digest_verify_update
+ = OSSL_get_OP_signature_digest_verify_update(fns);
+ digverifyfncnt++;
+ break;
+ case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL:
+ if (signature->digest_verify_final != NULL)
+ break;
+ signature->digest_verify_final
+ = OSSL_get_OP_signature_digest_verify_final(fns);
+ digverifyfncnt++;
+ break;
case OSSL_FUNC_SIGNATURE_FREECTX:
if (signature->freectx != NULL)
break;
= OSSL_get_OP_signature_settable_ctx_params(fns);
sparamfncnt++;
break;
+ case OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS:
+ if (signature->get_ctx_md_params != NULL)
+ break;
+ signature->get_ctx_md_params
+ = OSSL_get_OP_signature_get_ctx_md_params(fns);
+ gmdparamfncnt++;
+ break;
+ case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS:
+ if (signature->gettable_ctx_md_params != NULL)
+ break;
+ signature->gettable_ctx_md_params
+ = OSSL_get_OP_signature_gettable_ctx_md_params(fns);
+ gmdparamfncnt++;
+ break;
+ case OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS:
+ if (signature->set_ctx_md_params != NULL)
+ break;
+ signature->set_ctx_md_params
+ = OSSL_get_OP_signature_set_ctx_md_params(fns);
+ smdparamfncnt++;
+ break;
+ case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS:
+ if (signature->settable_ctx_md_params != NULL)
+ break;
+ signature->settable_ctx_md_params
+ = OSSL_get_OP_signature_settable_ctx_md_params(fns);
+ smdparamfncnt++;
+ break;
}
}
if (ctxfncnt != 2
- || (signfncnt != 2 && verifyfncnt != 2 && verifyrecfncnt != 2)
+ || (signfncnt == 0
+ && verifyfncnt == 0
+ && verifyrecfncnt == 0
+ && digsignfncnt == 0
+ && digverifyfncnt == 0)
+ || (signfncnt != 0 && signfncnt != 2)
+ || (verifyfncnt != 0 && verifyfncnt != 2)
+ || (verifyrecfncnt != 0 && verifyrecfncnt != 2)
+ || (digsignfncnt != 0 && digsignfncnt != 3)
+ || (digverifyfncnt != 0 && digverifyfncnt != 3)
|| (gparamfncnt != 0 && gparamfncnt != 2)
- || (sparamfncnt != 0 && sparamfncnt != 2)) {
+ || (sparamfncnt != 0 && sparamfncnt != 2)
+ || (gmdparamfncnt != 0 && gmdparamfncnt != 2)
+ || (smdparamfncnt != 0 && smdparamfncnt != 2)) {
/*
* In order to be a consistent set of functions we must have at least
- * a set of context functions (newctx and freectx) as well as a pair of
- * "signature" functions: (sign_init, sign) or (verify_init verify) or
- * (verify_recover_init, verify_recover). set_ctx_params and
- * settable_ctx_params are optional, but if one of them is present then
- * the other one must also be present. The same applies to
- * get_ctx_params and gettable_ctx_params. The dupctx function is
- * optional.
+ * a set of context functions (newctx and freectx) as well as a set of
+ * "signature" functions:
+ * (sign_init, sign) or
+ * (verify_init verify) or
+ * (verify_recover_init, verify_recover) or
+ * (digest_sign_init, digest_sign_update, digest_sign_final) or
+ * (digest_verify_init, digest_verify_update, digest_verify_final).
+ *
+ * set_ctx_params and settable_ctx_params are optional, but if one of
+ * them is present then the other one must also be present. The same
+ * applies to get_ctx_params and gettable_ctx_params. The same rules
+ * apply to the "md_params" functions. The dupctx function is optional.
*/
ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
goto err;
# define OSSL_FUNC_SIGNATURE_VERIFY 5
# define OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT 6
# define OSSL_FUNC_SIGNATURE_VERIFY_RECOVER 7
-# define OSSL_FUNC_SIGNATURE_FREECTX 8
-# define OSSL_FUNC_SIGNATURE_DUPCTX 9
-# define OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS 10
-# define OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS 11
-# define OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS 12
-# define OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS 13
+# define OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT 8
+# define OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE 9
+# define OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL 10
+# define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT 11
+# define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE 12
+# define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL 13
+# define OSSL_FUNC_SIGNATURE_FREECTX 14
+# define OSSL_FUNC_SIGNATURE_DUPCTX 15
+# define OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS 16
+# define OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS 17
+# define OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS 18
+# define OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS 19
+# define OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS 20
+# define OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS 21
+# define OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS 22
+# define OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS 23
OSSL_CORE_MAKE_FUNC(void *, OP_signature_newctx, (void *provctx))
OSSL_CORE_MAKE_FUNC(int, OP_signature_sign_init, (void *ctx, void *provkey))
size_t routsize,
const unsigned char *sig,
size_t siglen))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_sign_init,
+ (void *ctx, const char *mdname, const char *props,
+ void *provkey))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_sign_update,
+ (void *ctx, const unsigned char *data, size_t datalen))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_sign_final,
+ (void *ctx, unsigned char *sig, size_t *siglen,
+ size_t sigsize))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_verify_init,
+ (void *ctx, const char *mdname, const char *props,
+ void *provkey))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_verify_update,
+ (void *ctx, const unsigned char *data, size_t datalen))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_verify_final,
+ (void *ctx, const unsigned char *sig, size_t siglen))
OSSL_CORE_MAKE_FUNC(void, OP_signature_freectx, (void *ctx))
OSSL_CORE_MAKE_FUNC(void *, OP_signature_dupctx, (void *ctx))
OSSL_CORE_MAKE_FUNC(int, OP_signature_get_ctx_params,
(void *ctx, const OSSL_PARAM params[]))
OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_signature_settable_ctx_params,
(void))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_get_ctx_md_params,
+ (void *ctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_signature_gettable_ctx_md_params,
+ (void *ctx))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_set_ctx_md_params,
+ (void *ctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_signature_settable_ctx_md_params,
+ (void *ctx))
# ifdef __cplusplus
}
# define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
# define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e)
# define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e)
-# define EVP_DigestSignUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
-# define EVP_DigestVerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
# ifdef CONST_STRICT
void BIO_set_md(BIO *, const EVP_MD *md);
size_t siglen, const unsigned char *tbs,
size_t tbslen);
+int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+ const char *mdname, const char *props, EVP_PKEY *pkey,
+ EVP_SIGNATURE *signature);
/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
const EVP_MD *type, ENGINE *e,
EVP_PKEY *pkey);
+int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
__owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
size_t *siglen);
+int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+ const char *mdname, const char *props,
+ EVP_PKEY *pkey, EVP_SIGNATURE *signature);
__owur int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
const EVP_MD *type, ENGINE *e,
EVP_PKEY *pkey);
+int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
__owur int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
size_t siglen);
OSSL_CMP_print_errors_cb 4939 3_0_0 EXIST::FUNCTION:CMP
OSSL_CRMF_CERTID_get0_issuer 4940 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_CERTID_get0_serialNumber 4941 3_0_0 EXIST::FUNCTION:CRMF
+EVP_DigestSignInit_ex 4942 3_0_0 EXIST::FUNCTION:
+EVP_DigestSignUpdate 4943 3_0_0 EXIST::FUNCTION:
+EVP_DigestVerifyInit_ex 4944 3_0_0 EXIST::FUNCTION:
+EVP_DigestVerifyUpdate 4945 3_0_0 EXIST::FUNCTION:
projects / oweals / openssl.git / commitdiff