xref: /dflybsd-src/crypto/libressl/crypto/evp/m_sigver.c (revision 961e30ea7dc61d1112b778ea4981eac68129fb86) 
1*de0e0e4dSAntonio Huete Jimenez /* $OpenBSD: m_sigver.c,v 1.9 2021/05/09 14:25:40 tb Exp $ */
2f5b1c8a1SJohn Marino /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3f5b1c8a1SJohn Marino  * project 2006.
4f5b1c8a1SJohn Marino  */
5f5b1c8a1SJohn Marino /* ====================================================================
6f5b1c8a1SJohn Marino  * Copyright (c) 2006,2007 The OpenSSL Project.  All rights reserved.
7f5b1c8a1SJohn Marino  *
8f5b1c8a1SJohn Marino  * Redistribution and use in source and binary forms, with or without
9f5b1c8a1SJohn Marino  * modification, are permitted provided that the following conditions
10f5b1c8a1SJohn Marino  * are met:
11f5b1c8a1SJohn Marino  *
12f5b1c8a1SJohn Marino  * 1. Redistributions of source code must retain the above copyright
13f5b1c8a1SJohn Marino  *    notice, this list of conditions and the following disclaimer.
14f5b1c8a1SJohn Marino  *
15f5b1c8a1SJohn Marino  * 2. Redistributions in binary form must reproduce the above copyright
16f5b1c8a1SJohn Marino  *    notice, this list of conditions and the following disclaimer in
17f5b1c8a1SJohn Marino  *    the documentation and/or other materials provided with the
18f5b1c8a1SJohn Marino  *    distribution.
19f5b1c8a1SJohn Marino  *
20f5b1c8a1SJohn Marino  * 3. All advertising materials mentioning features or use of this
21f5b1c8a1SJohn Marino  *    software must display the following acknowledgment:
22f5b1c8a1SJohn Marino  *    "This product includes software developed by the OpenSSL Project
23f5b1c8a1SJohn Marino  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24f5b1c8a1SJohn Marino  *
25f5b1c8a1SJohn Marino  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26f5b1c8a1SJohn Marino  *    endorse or promote products derived from this software without
27f5b1c8a1SJohn Marino  *    prior written permission. For written permission, please contact
28f5b1c8a1SJohn Marino  *    licensing@OpenSSL.org.
29f5b1c8a1SJohn Marino  *
30f5b1c8a1SJohn Marino  * 5. Products derived from this software may not be called "OpenSSL"
31f5b1c8a1SJohn Marino  *    nor may "OpenSSL" appear in their names without prior written
32f5b1c8a1SJohn Marino  *    permission of the OpenSSL Project.
33f5b1c8a1SJohn Marino  *
34f5b1c8a1SJohn Marino  * 6. Redistributions of any form whatsoever must retain the following
35f5b1c8a1SJohn Marino  *    acknowledgment:
36f5b1c8a1SJohn Marino  *    "This product includes software developed by the OpenSSL Project
37f5b1c8a1SJohn Marino  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38f5b1c8a1SJohn Marino  *
39f5b1c8a1SJohn Marino  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40f5b1c8a1SJohn Marino  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41f5b1c8a1SJohn Marino  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42f5b1c8a1SJohn Marino  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43f5b1c8a1SJohn Marino  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44f5b1c8a1SJohn Marino  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45f5b1c8a1SJohn Marino  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46f5b1c8a1SJohn Marino  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47f5b1c8a1SJohn Marino  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48f5b1c8a1SJohn Marino  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49f5b1c8a1SJohn Marino  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50f5b1c8a1SJohn Marino  * OF THE POSSIBILITY OF SUCH DAMAGE.
51f5b1c8a1SJohn Marino  * ====================================================================
52f5b1c8a1SJohn Marino  *
53f5b1c8a1SJohn Marino  * This product includes cryptographic software written by Eric Young
54f5b1c8a1SJohn Marino  * (eay@cryptsoft.com).  This product includes software written by Tim
55f5b1c8a1SJohn Marino  * Hudson (tjh@cryptsoft.com).
56f5b1c8a1SJohn Marino  *
57f5b1c8a1SJohn Marino  */
58f5b1c8a1SJohn Marino 
59f5b1c8a1SJohn Marino #include <stdio.h>
60f5b1c8a1SJohn Marino 
61f5b1c8a1SJohn Marino #include <openssl/err.h>
62f5b1c8a1SJohn Marino #include <openssl/evp.h>
63f5b1c8a1SJohn Marino #include <openssl/objects.h>
64f5b1c8a1SJohn Marino #include <openssl/x509.h>
65f5b1c8a1SJohn Marino 
66f5b1c8a1SJohn Marino #include "evp_locl.h"
67f5b1c8a1SJohn Marino 
68f5b1c8a1SJohn Marino static int
do_sigver_init(EVP_MD_CTX * ctx,EVP_PKEY_CTX ** pctx,const EVP_MD * type,ENGINE * e,EVP_PKEY * pkey,int ver)69f5b1c8a1SJohn Marino do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type,
70f5b1c8a1SJohn Marino     ENGINE *e, EVP_PKEY *pkey, int ver)
71f5b1c8a1SJohn Marino {
72f5b1c8a1SJohn Marino 	if (ctx->pctx == NULL)
73f5b1c8a1SJohn Marino 		ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
74f5b1c8a1SJohn Marino 	if (ctx->pctx == NULL)
75f5b1c8a1SJohn Marino 		return 0;
76f5b1c8a1SJohn Marino 
77*de0e0e4dSAntonio Huete Jimenez 	if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)) {
78f5b1c8a1SJohn Marino 		if (type == NULL) {
79f5b1c8a1SJohn Marino 			int def_nid;
80f5b1c8a1SJohn Marino 			if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
81f5b1c8a1SJohn Marino 				type = EVP_get_digestbynid(def_nid);
82f5b1c8a1SJohn Marino 		}
83f5b1c8a1SJohn Marino 
84f5b1c8a1SJohn Marino 		if (type == NULL) {
8572c33676SMaxim Ag 			EVPerror(EVP_R_NO_DEFAULT_DIGEST);
86f5b1c8a1SJohn Marino 			return 0;
87f5b1c8a1SJohn Marino 		}
88*de0e0e4dSAntonio Huete Jimenez 	}
89f5b1c8a1SJohn Marino 
90f5b1c8a1SJohn Marino 	if (ver) {
91f5b1c8a1SJohn Marino 		if (ctx->pctx->pmeth->verifyctx_init) {
92f5b1c8a1SJohn Marino 			if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx,
93f5b1c8a1SJohn Marino 			    ctx) <=0)
94f5b1c8a1SJohn Marino 				return 0;
95f5b1c8a1SJohn Marino 			ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX;
96f5b1c8a1SJohn Marino 		} else if (EVP_PKEY_verify_init(ctx->pctx) <= 0)
97f5b1c8a1SJohn Marino 			return 0;
98f5b1c8a1SJohn Marino 	} else {
99f5b1c8a1SJohn Marino 		if (ctx->pctx->pmeth->signctx_init) {
100f5b1c8a1SJohn Marino 			if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0)
101f5b1c8a1SJohn Marino 				return 0;
102f5b1c8a1SJohn Marino 			ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX;
103f5b1c8a1SJohn Marino 		} else if (EVP_PKEY_sign_init(ctx->pctx) <= 0)
104f5b1c8a1SJohn Marino 			return 0;
105f5b1c8a1SJohn Marino 	}
106f5b1c8a1SJohn Marino 	if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0)
107f5b1c8a1SJohn Marino 		return 0;
108f5b1c8a1SJohn Marino 	if (pctx)
109f5b1c8a1SJohn Marino 		*pctx = ctx->pctx;
110*de0e0e4dSAntonio Huete Jimenez 	if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)
111*de0e0e4dSAntonio Huete Jimenez 		return 1;
112f5b1c8a1SJohn Marino 	if (!EVP_DigestInit_ex(ctx, type, e))
113f5b1c8a1SJohn Marino 		return 0;
114f5b1c8a1SJohn Marino 	return 1;
115f5b1c8a1SJohn Marino }
116f5b1c8a1SJohn Marino 
117f5b1c8a1SJohn Marino int
EVP_DigestSignInit(EVP_MD_CTX * ctx,EVP_PKEY_CTX ** pctx,const EVP_MD * type,ENGINE * e,EVP_PKEY * pkey)118f5b1c8a1SJohn Marino EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type,
119f5b1c8a1SJohn Marino     ENGINE *e, EVP_PKEY *pkey)
120f5b1c8a1SJohn Marino {
121f5b1c8a1SJohn Marino 	return do_sigver_init(ctx, pctx, type, e, pkey, 0);
122f5b1c8a1SJohn Marino }
123f5b1c8a1SJohn Marino 
124f5b1c8a1SJohn Marino int
EVP_DigestVerifyInit(EVP_MD_CTX * ctx,EVP_PKEY_CTX ** pctx,const EVP_MD * type,ENGINE * e,EVP_PKEY * pkey)125f5b1c8a1SJohn Marino EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type,
126f5b1c8a1SJohn Marino     ENGINE *e, EVP_PKEY *pkey)
127f5b1c8a1SJohn Marino {
128f5b1c8a1SJohn Marino 	return do_sigver_init(ctx, pctx, type, e, pkey, 1);
129f5b1c8a1SJohn Marino }
130f5b1c8a1SJohn Marino 
131f5b1c8a1SJohn Marino int
EVP_DigestSignFinal(EVP_MD_CTX * ctx,unsigned char * sigret,size_t * siglen)132f5b1c8a1SJohn Marino EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
133f5b1c8a1SJohn Marino {
134*de0e0e4dSAntonio Huete Jimenez 	EVP_PKEY_CTX *pctx = ctx->pctx;
135*de0e0e4dSAntonio Huete Jimenez 	int sctx;
136*de0e0e4dSAntonio Huete Jimenez 	int r = 0;
137*de0e0e4dSAntonio Huete Jimenez 
138*de0e0e4dSAntonio Huete Jimenez 	if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) {
139*de0e0e4dSAntonio Huete Jimenez 		EVP_PKEY_CTX *dctx;
140*de0e0e4dSAntonio Huete Jimenez 
141*de0e0e4dSAntonio Huete Jimenez 		if (sigret == NULL)
142*de0e0e4dSAntonio Huete Jimenez 			return pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
143*de0e0e4dSAntonio Huete Jimenez 
144*de0e0e4dSAntonio Huete Jimenez 		/* XXX - support EVP_MD_CTX_FLAG_FINALISE? */
145*de0e0e4dSAntonio Huete Jimenez 		if ((dctx = EVP_PKEY_CTX_dup(ctx->pctx)) == NULL)
146*de0e0e4dSAntonio Huete Jimenez 			return 0;
147*de0e0e4dSAntonio Huete Jimenez 		r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx);
148*de0e0e4dSAntonio Huete Jimenez 		EVP_PKEY_CTX_free(dctx);
149*de0e0e4dSAntonio Huete Jimenez 
150*de0e0e4dSAntonio Huete Jimenez 		return r;
151*de0e0e4dSAntonio Huete Jimenez 	}
152f5b1c8a1SJohn Marino 
153f5b1c8a1SJohn Marino 	if (ctx->pctx->pmeth->signctx)
154f5b1c8a1SJohn Marino 		sctx = 1;
155f5b1c8a1SJohn Marino 	else
156f5b1c8a1SJohn Marino 		sctx = 0;
157f5b1c8a1SJohn Marino 	if (sigret) {
158f5b1c8a1SJohn Marino 		EVP_MD_CTX tmp_ctx;
159f5b1c8a1SJohn Marino 		unsigned char md[EVP_MAX_MD_SIZE];
160f5b1c8a1SJohn Marino 		unsigned int mdlen = 0;
161f5b1c8a1SJohn Marino 		EVP_MD_CTX_init(&tmp_ctx);
162f5b1c8a1SJohn Marino 		if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx))
163f5b1c8a1SJohn Marino 			return 0;
164f5b1c8a1SJohn Marino 		if (sctx)
165f5b1c8a1SJohn Marino 			r = tmp_ctx.pctx->pmeth->signctx(tmp_ctx.pctx,
166f5b1c8a1SJohn Marino 			    sigret, siglen, &tmp_ctx);
167f5b1c8a1SJohn Marino 		else
168f5b1c8a1SJohn Marino 			r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen);
169f5b1c8a1SJohn Marino 		EVP_MD_CTX_cleanup(&tmp_ctx);
170f5b1c8a1SJohn Marino 		if (sctx || !r)
171f5b1c8a1SJohn Marino 			return r;
172f5b1c8a1SJohn Marino 		if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0)
173f5b1c8a1SJohn Marino 			return 0;
174f5b1c8a1SJohn Marino 	} else {
175f5b1c8a1SJohn Marino 		if (sctx) {
176f5b1c8a1SJohn Marino 			if (ctx->pctx->pmeth->signctx(ctx->pctx, sigret,
177f5b1c8a1SJohn Marino 			    siglen, ctx) <= 0)
178f5b1c8a1SJohn Marino 				return 0;
179f5b1c8a1SJohn Marino 		} else {
180f5b1c8a1SJohn Marino 			int s = EVP_MD_size(ctx->digest);
181f5b1c8a1SJohn Marino 			if (s < 0 || EVP_PKEY_sign(ctx->pctx, sigret, siglen,
182f5b1c8a1SJohn Marino 			    NULL, s) <= 0)
183f5b1c8a1SJohn Marino 				return 0;
184f5b1c8a1SJohn Marino 		}
185f5b1c8a1SJohn Marino 	}
186f5b1c8a1SJohn Marino 	return 1;
187f5b1c8a1SJohn Marino }
188f5b1c8a1SJohn Marino 
189f5b1c8a1SJohn Marino int
EVP_DigestSign(EVP_MD_CTX * ctx,unsigned char * sigret,size_t * siglen,const unsigned char * tbs,size_t tbslen)190*de0e0e4dSAntonio Huete Jimenez EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
191*de0e0e4dSAntonio Huete Jimenez     const unsigned char *tbs, size_t tbslen)
192*de0e0e4dSAntonio Huete Jimenez {
193*de0e0e4dSAntonio Huete Jimenez 	if (sigret != NULL) {
194*de0e0e4dSAntonio Huete Jimenez 		if (EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0)
195*de0e0e4dSAntonio Huete Jimenez 			return 0;
196*de0e0e4dSAntonio Huete Jimenez 	}
197*de0e0e4dSAntonio Huete Jimenez 
198*de0e0e4dSAntonio Huete Jimenez 	return EVP_DigestSignFinal(ctx, sigret, siglen);
199*de0e0e4dSAntonio Huete Jimenez }
200*de0e0e4dSAntonio Huete Jimenez 
201*de0e0e4dSAntonio Huete Jimenez int
EVP_DigestVerifyFinal(EVP_MD_CTX * ctx,const unsigned char * sig,size_t siglen)20272c33676SMaxim Ag EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen)
203f5b1c8a1SJohn Marino {
204f5b1c8a1SJohn Marino 	EVP_MD_CTX tmp_ctx;
205f5b1c8a1SJohn Marino 	unsigned char md[EVP_MAX_MD_SIZE];
206f5b1c8a1SJohn Marino 	int r;
207f5b1c8a1SJohn Marino 	unsigned int mdlen = 0;
208f5b1c8a1SJohn Marino 	int vctx;
209f5b1c8a1SJohn Marino 
210f5b1c8a1SJohn Marino 	if (ctx->pctx->pmeth->verifyctx)
211f5b1c8a1SJohn Marino 		vctx = 1;
212f5b1c8a1SJohn Marino 	else
213f5b1c8a1SJohn Marino 		vctx = 0;
214f5b1c8a1SJohn Marino 	EVP_MD_CTX_init(&tmp_ctx);
215f5b1c8a1SJohn Marino 	if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx))
216f5b1c8a1SJohn Marino 		return -1;
217f5b1c8a1SJohn Marino 	if (vctx) {
218f5b1c8a1SJohn Marino 		r = tmp_ctx.pctx->pmeth->verifyctx(tmp_ctx.pctx, sig,
219f5b1c8a1SJohn Marino 		    siglen, &tmp_ctx);
220f5b1c8a1SJohn Marino 	} else
221f5b1c8a1SJohn Marino 		r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen);
222f5b1c8a1SJohn Marino 	EVP_MD_CTX_cleanup(&tmp_ctx);
223f5b1c8a1SJohn Marino 	if (vctx || !r)
224f5b1c8a1SJohn Marino 		return r;
225f5b1c8a1SJohn Marino 	return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen);
226f5b1c8a1SJohn Marino }
227*de0e0e4dSAntonio Huete Jimenez 
228*de0e0e4dSAntonio Huete Jimenez int
EVP_DigestVerify(EVP_MD_CTX * ctx,const unsigned char * sigret,size_t siglen,const unsigned char * tbs,size_t tbslen)229*de0e0e4dSAntonio Huete Jimenez EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen,
230*de0e0e4dSAntonio Huete Jimenez     const unsigned char *tbs, size_t tbslen)
231*de0e0e4dSAntonio Huete Jimenez {
232*de0e0e4dSAntonio Huete Jimenez 	if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0)
233*de0e0e4dSAntonio Huete Jimenez 		return -1;
234*de0e0e4dSAntonio Huete Jimenez 
235*de0e0e4dSAntonio Huete Jimenez 	return EVP_DigestVerifyFinal(ctx, sigret, siglen);
236*de0e0e4dSAntonio Huete Jimenez }
237