/*
* Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
#include <openssl/objects.h>
#include "crypto/evp.h"
#include "internal/provider.h"
#include "internal/numbers.h" /* includes SIZE_MAX */
#include "evp_local.h"
/*
 * Replacement for the streaming update hook.  do_sigver_init() stores this
 * in ctx->update on the legacy path when the key method has a
 * digestsign/digestverify function but no signctx_init/verifyctx_init.
 * Any attempt to feed data piecewise then fails with
 * EVP_R_ONLY_ONESHOT_SUPPORTED instead of being hashed.
 *
 * All three arguments are ignored.  Always returns 0.
 */
static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
{
    const int rejected = 0;

    ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED);

    return rejected;
}
/*
 * Canonicalise a digest name.  The "NULL" md reports its name as "UNDEF";
 * callers want a NULL pointer in that case.  Every other name, and a NULL
 * input, is handed back unchanged (same pointer, no copy).
 */
static const char *canon_mdname(const char *mdname)
{
    if (mdname == NULL)
        return NULL;

    return strcmp(mdname, "UNDEF") != 0 ? mdname : NULL;
}
/*
 * Common initialisation behind EVP_DigestSignInit(), EVP_DigestSignInit_ex(),
 * EVP_DigestVerifyInit() and EVP_DigestVerifyInit_ex().
 *
 *  ctx     digest context to set up.  If ctx->pctx is NULL a new
 *          EVP_PKEY_CTX is created and stored there.
 *  pctx    optional out-parameter; when non-NULL it receives the
 *          EVP_PKEY_CTX that is being used.
 *  type    digest given as an EVP_MD, or NULL.
 *  mdname  digest given by name, or NULL.
 *  libctx  library context, used only when a new EVP_PKEY_CTX is created
 *          without an ENGINE.
 *  props   property query; falls back to the key context's propquery
 *          when NULL (provider path).
 *  e       ENGINE, or NULL.  Non-NULL selects EVP_PKEY_CTX_new(pkey, e).
 *  pkey    key for a newly created EVP_PKEY_CTX.  When ctx->pctx already
 *          exists, a non-NULL pkey disables the light-weight
 *          "reinitialize" shortcut.
 *  ver     non-zero to set up verification, zero to set up signing.
 *  params  passed unchanged to the provider's digest_sign_init /
 *          digest_verify_init function.
 *
 * Returns 1 on success and 0 on failure.  Callers must treat 0 as "context
 * not usable": several failure exits below leave |ctx| partly configured.
 */
static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                          const EVP_MD *type, const char *mdname,
                          OSSL_LIB_CTX *libctx, const char *props,
                          ENGINE *e, EVP_PKEY *pkey, int ver,
                          const OSSL_PARAM params[])
{
    EVP_PKEY_CTX *locpctx = NULL;
    EVP_SIGNATURE *signature = NULL;
    const char *desc;
    EVP_KEYMGMT *tmp_keymgmt = NULL;
    const OSSL_PROVIDER *tmp_prov = NULL;
    const char *supported_sig = NULL;
    /*
     * Receives the key's default digest name; the write is bounded because
     * sizeof(locmdname) is passed along with the buffer further down.
     */
    char locmdname[80] = "";        /* 80 chars should be enough */
    void *provkey = NULL;
    /* reinit == 1 means "reuse the signature method already in ctx->pctx" */
    int ret, iter, reinit = 1;

    /*
     * Helper not shown here; presumably it releases an algorithm context
     * left over from an earlier use of |ctx|.  A zero return aborts the init.
     */
    if (!evp_md_ctx_free_algctx(ctx))
        return 0;

    /* No key context yet: create one, which rules out a re-initialisation */
    if (ctx->pctx == NULL) {
        reinit = 0;
        if (e == NULL)
            ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props);
        else
            ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
    }
    if (ctx->pctx == NULL)
        return 0;

    /*
     * A fresh init makes the context usable again: EVP_DigestSignUpdate()
     * rejects contexts that still carry EVP_MD_CTX_FLAG_FINALISED.
     */
    EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_FINALISED);

    locpctx = ctx->pctx;
    /*
     * Mark the error queue.  The mark is cleared on the early error exits
     * below, popped once a provider implementation has been found, and
     * popped at legacy: when falling back.
     */
    ERR_set_mark();

    if (evp_pkey_ctx_is_legacy(locpctx))
        goto legacy;

    /*
     * do not reinitialize if pkey is set or operation is different
     *
     * reinit survives only if the key context pre-existed, no new |pkey| was
     * passed, the stored operation matches |ver|, and both a signature
     * method and an algctx are already attached.  As a side effect
     * |signature| is loaded from the key context when evaluation gets that
     * far.
     */
    if (reinit
        && (pkey != NULL
            || locpctx->operation != (ver ? EVP_PKEY_OP_VERIFYCTX
                                          : EVP_PKEY_OP_SIGNCTX)
            || (signature = locpctx->op.sig.signature) == NULL
            || locpctx->op.sig.algctx == NULL))
        reinit = 0;

    if (props == NULL)
        props = locpctx->propquery;

    /* Nothing can be signed or verified without a key */
    if (locpctx->pkey == NULL) {
        ERR_clear_last_mark();
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
        goto err;
    }

    if (!reinit) {
        evp_pkey_ctx_free_old_ops(locpctx);
    } else {
        /* Reuse the previously requested digest when none is given now */
        if (mdname == NULL && type == NULL)
            mdname = canon_mdname(EVP_MD_get0_name(ctx->reqdigest));
        /*
         * NOTE(review): no ERR_clear_last_mark()/ERR_pop_to_mark() for the
         * mark set above is visible on this path; the set/pop pair after
         * reinitialize: balances only its own mark.  Confirm this is
         * intended.
         */
        goto reinitialize;
    }

    /*
     * Try to derive the supported signature from |locpctx->keymgmt|.
     *
     * The key's own keymgmt, when it has one, must be the same object as the
     * key context's; anything else is reported as an internal error.
     */
    if (!ossl_assert(locpctx->pkey->keymgmt == NULL
                     || locpctx->pkey->keymgmt == locpctx->keymgmt)) {
        ERR_clear_last_mark();
        ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
        goto err;
    }
    supported_sig = evp_keymgmt_util_query_operation_name(locpctx->keymgmt,
                                                          OSSL_OP_SIGNATURE);
    if (supported_sig == NULL) {
        ERR_clear_last_mark();
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
        goto err;
    }

    /*
     * We perform two iterations:
     *
     * 1.  Do the normal signature fetch, using the fetching data given by
     *     the EVP_PKEY_CTX.
     * 2.  Do the provider specific signature fetch, from the same provider
     *     as |ctx->keymgmt|
     *
     * We then try to fetch the keymgmt from the same provider as the
     * signature, and try to export |ctx->pkey| to that keymgmt (when
     * this keymgmt happens to be the same as |ctx->keymgmt|, the export
     * is a no-op, but we call it anyway to not complicate the code even
     * more).
     * If the export call succeeds (returns a non-NULL provider key pointer),
     * we're done and can perform the operation itself.  If not, we perform
     * the second iteration, or jump to legacy.
     */
    for (iter = 1, provkey = NULL; iter < 3 && provkey == NULL; iter++) {
        EVP_KEYMGMT *tmp_keymgmt_tofree = NULL;

        /*
         * If we're on the second iteration, free the results from the first.
         * They are NULL on the first iteration, so no need to check what
         * iteration we're on.
         */
        EVP_SIGNATURE_free(signature);
        EVP_KEYMGMT_free(tmp_keymgmt);

        switch (iter) {
        case 1:
            signature = EVP_SIGNATURE_fetch(locpctx->libctx, supported_sig,
                                            locpctx->propquery);
            if (signature != NULL)
                tmp_prov = EVP_SIGNATURE_get0_provider(signature);
            break;
        case 2:
            tmp_prov = EVP_KEYMGMT_get0_provider(locpctx->keymgmt);
            signature =
                evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
                                              supported_sig, locpctx->propquery);
            /* Neither fetch produced a signature method: try legacy */
            if (signature == NULL)
                goto legacy;
            break;
        }
        /* Only reachable with NULL after iteration 1; go on to iteration 2 */
        if (signature == NULL)
            continue;

        /*
         * Ensure that the key is provided, either natively, or as a cached
         * export.  We start by fetching the keymgmt with the same name as
         * |locpctx->pkey|, but from the provider of the signature method, using
         * the same property query as when fetching the signature method.
         * With the keymgmt we found (if we did), we try to export |locpctx->pkey|
         * to it (evp_pkey_export_to_provider() is smart enough to only actually
         * export it if |tmp_keymgmt| is different from |locpctx->pkey|'s keymgmt)
         */
        tmp_keymgmt_tofree = tmp_keymgmt =
            evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
                                        EVP_KEYMGMT_get0_name(locpctx->keymgmt),
                                        locpctx->propquery);
        if (tmp_keymgmt != NULL)
            provkey = evp_pkey_export_to_provider(locpctx->pkey, locpctx->libctx,
                                                  &tmp_keymgmt, locpctx->propquery);
        /*
         * |tmp_keymgmt| is passed by address above, so it can come back
         * NULL; the fetched reference is then released through the saved
         * copy (a no-op if the fetch itself returned NULL).
         */
        if (tmp_keymgmt == NULL)
            EVP_KEYMGMT_free(tmp_keymgmt_tofree);
    }

    /* Both iterations ran without yielding a usable provider-side key */
    if (provkey == NULL) {
        EVP_SIGNATURE_free(signature);
        ERR_clear_last_mark();
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
        goto err;
    }

    /* Provider path chosen: pop back to the mark set before the lookups */
    ERR_pop_to_mark();

    /* No more legacy from here down to legacy: */

    locpctx->op.sig.signature = signature;
    locpctx->operation = ver ? EVP_PKEY_OP_VERIFYCTX
                             : EVP_PKEY_OP_SIGNCTX;
    locpctx->op.sig.algctx
        = signature->newctx(ossl_provider_ctx(signature->prov), props);
    if (locpctx->op.sig.algctx == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
        goto err;
    }

 reinitialize:
    if (pctx != NULL)
        *pctx = locpctx;

    /*
     * Settle the digest name handed to the provider.  An explicit |type|
     * wins; otherwise |mdname| is used, and on a full initialisation the
     * key's default digest is queried as a last resort.
     */
    if (type != NULL) {
        ctx->reqdigest = type;
        if (mdname == NULL)
            mdname = canon_mdname(EVP_MD_get0_name(type));
    } else {
        if (mdname == NULL && !reinit) {
            if (evp_keymgmt_util_get_deflt_digest_name(tmp_keymgmt, provkey,
                                                       locmdname,
                                                       sizeof(locmdname)) > 0) {
                mdname = canon_mdname(locmdname);
            }
        }

        if (mdname != NULL) {
            /*
             * We're about to get a new digest so clear anything associated with
             * an old digest.
             */
            evp_md_ctx_clear_digest(ctx, 1, 0);

            /* legacy code support for engines */
            ERR_set_mark();
            /*
             * This might be requested by a later call to EVP_MD_CTX_get0_md().
             * In that case the "explicit fetch" rules apply for that
             * function (as per man pages), i.e. the ref count is not updated
             * so the EVP_MD should not be used beyond the lifetime of the
             * EVP_MD_CTX.
             */
            ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
            if (ctx->fetched_digest != NULL) {
                ctx->digest = ctx->reqdigest = ctx->fetched_digest;
            } else {
                /* legacy engine support : remove the mark when this is deleted */
                ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
                if (ctx->digest == NULL) {
                    (void)ERR_clear_last_mark();
                    ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
                    goto err;
                }
            }
            (void)ERR_pop_to_mark();
        }
    }

    /* Description is used for error text only; substitute "" when absent */
    desc = signature->description != NULL ? signature->description : "";
    if (ver) {
        if (signature->digest_verify_init == NULL) {
            ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
                           "%s digest_verify_init:%s", signature->type_name, desc);
            goto err;
        }
        ret = signature->digest_verify_init(locpctx->op.sig.algctx,
                                            mdname, provkey, params);
    } else {
        if (signature->digest_sign_init == NULL) {
            ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
                           "%s digest_sign_init:%s", signature->type_name, desc);
            goto err;
        }
        ret = signature->digest_sign_init(locpctx->op.sig.algctx,
                                          mdname, provkey, params);
    }

    /*
     * If the operation was not a success and no digest was found, an error
     * needs to be raised.
     *
     * NOTE(review): when the provider call fails but |mdname| is set,
     * control goes to end: rather than err:.  The function still returns 0,
     * but the signature method, algctx and operation stay attached to the
     * key context and no error is raised here; presumably the provider has
     * queued its own error.  Confirm callers never continue after a 0
     * return.
     */
    if (ret > 0 || mdname != NULL)
        goto end;
    if (type == NULL)       /* This check is redundant but clarifies matters */
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_DEFAULT_DIGEST);
    ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
                   ver ? "%s digest_verify_init:%s" : "%s digest_sign_init:%s",
                   signature->type_name, desc);

    /*
     * Provider-path failure exit: detach the operation data and mark the
     * key context as having no operation, so later update/final calls do
     * not see a half-initialised provider operation.
     */
 err:
    evp_pkey_ctx_free_old_ops(locpctx);
    locpctx->operation = EVP_PKEY_OP_UNDEFINED;
    EVP_KEYMGMT_free(tmp_keymgmt);
    return 0;

 legacy:
    /*
     * If we don't have the full support we need with provided methods,
     * let's go see if legacy does.
     */
    ERR_pop_to_mark();
    /* Cleared after freeing so the free at end: below is a no-op */
    EVP_KEYMGMT_free(tmp_keymgmt);
    tmp_keymgmt = NULL;

    if (type == NULL && mdname != NULL)
        type = evp_get_digestbyname_ex(locpctx->libctx, mdname);

    /* The failure returns below leave directly; they do not pass err: */
    if (ctx->pctx->pmeth == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
        return 0;
    }

    /* Methods without the SIGCTX_CUSTOM flag need a digest at this point */
    if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)) {

        if (type == NULL) {
            int def_nid;
            /*
             * NOTE(review): this queries the |pkey| argument, not
             * ctx->pctx->pkey; |pkey| can be NULL when the caller supplied
             * ctx->pctx itself.  Confirm the callee tolerates NULL.
             */
            if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
                type = EVP_get_digestbynid(def_nid);
        }

        if (type == NULL) {
            ERR_raise(ERR_LIB_EVP, EVP_R_NO_DEFAULT_DIGEST);
            return 0;
        }
    }

    /*
     * Preference order for the legacy method: a custom *ctx_init hook, then
     * a one-shot digestverify/digestsign function (streaming updates are
     * then refused through update()), then the plain verify/sign init.
     */
    if (ver) {
        if (ctx->pctx->pmeth->verifyctx_init) {
            if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <= 0)
                return 0;
            ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX;
        } else if (ctx->pctx->pmeth->digestverify != 0) {
            ctx->pctx->operation = EVP_PKEY_OP_VERIFY;
            ctx->update = update;
        } else if (EVP_PKEY_verify_init(ctx->pctx) <= 0) {
            return 0;
        }
    } else {
        if (ctx->pctx->pmeth->signctx_init) {
            if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0)
                return 0;
            ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX;
        } else if (ctx->pctx->pmeth->digestsign != 0) {
            ctx->pctx->operation = EVP_PKEY_OP_SIGN;
            ctx->update = update;
        } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0) {
            return 0;
        }
    }
    if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0)
        return 0;
    if (pctx)
        *pctx = ctx->pctx;
    /* SIGCTX_CUSTOM methods return here, before the digest is initialised */
    if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)
        return 1;
    if (!EVP_DigestInit_ex(ctx, type, e))
        return 0;
    /*
     * This indicates the current algorithm requires
     * special treatment before hashing the tbs-message.
     */
    ctx->pctx->flag_call_digest_custom = 0;
    if (ctx->pctx->pmeth->digest_custom != NULL)
        ctx->pctx->flag_call_digest_custom = 1;

    ret = 1;
    /* Shared exit for the provider path and the legacy path */
 end:
    if (ret > 0)
        ret = evp_pkey_ctx_use_cached_data(locpctx);

    EVP_KEYMGMT_free(tmp_keymgmt);
    /* Collapse any non-positive result to 0 */
    return ret > 0 ? 1 : 0;
}
/*
 * Set up |ctx| for digest-and-sign with the digest chosen by name.
 *
 * Forwards to do_sigver_init() with no EVP_MD, no ENGINE and the sign
 * direction selected.  |pctx|, when non-NULL, receives the EVP_PKEY_CTX in
 * use; |params| is handed on to the signature implementation unchanged.
 *
 * Returns 1 on success and 0 on failure; the context must not be used for
 * signing after a 0 return.
 */
int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                          const char *mdname, OSSL_LIB_CTX *libctx,
                          const char *props, EVP_PKEY *pkey,
                          const OSSL_PARAM params[])
{
    const int verifying = 0;    /* 0 selects signing */
    int ok;

    ok = do_sigver_init(ctx, pctx, NULL, mdname, libctx, props, NULL, pkey,
                        verifying, params);

    return ok;
}
/*
 * Set up |ctx| for a digest-sign operation from an EVP_MD object.
 *
 * Thin wrapper around do_sigver_init(): |type| and |e| are passed through,
 * while the digest name, library context, property query and parameter
 * array are all NULL.  The |ver| argument is 0 here; the verify-side
 * wrappers in this file pass 1.
 *
 * Returns whatever do_sigver_init() returns.
 */
int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                       const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
{
    const char *no_mdname = NULL;
    OSSL_LIB_CTX *no_libctx = NULL;
    const char *no_props = NULL;

    return do_sigver_init(ctx, pctx, type, no_mdname, no_libctx, no_props, e,
                          pkey, /* ver */ 0, NULL);
}
/*
 * Set up |ctx| for a digest-verify operation with the digest selected by
 * name.
 *
 * Thin wrapper around do_sigver_init(): the digest is given as |mdname|
 * (with |libctx| and |props| passed on for the lookup), so no EVP_MD object
 * and no ENGINE are handed down.  The |ver| argument is 1 here; the
 * sign-side wrappers in this file pass 0.
 *
 * Returns whatever do_sigver_init() returns.
 */
int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                            const char *mdname, OSSL_LIB_CTX *libctx,
                            const char *props, EVP_PKEY *pkey,
                            const OSSL_PARAM params[])
{
    const EVP_MD *no_md = NULL;     /* digest comes from |mdname| instead */
    ENGINE *no_engine = NULL;       /* no ENGINE on the name-based API */

    return do_sigver_init(ctx, pctx, no_md, mdname, libctx, props, no_engine,
                          pkey, /* ver */ 1, params);
}
/*
 * Set up |ctx| for a digest-verify operation from an EVP_MD object.
 *
 * Thin wrapper around do_sigver_init(): |type| and |e| are passed through,
 * while the digest name, library context, property query and parameter
 * array are all NULL.  The |ver| argument is 1 here; the sign-side wrappers
 * in this file pass 0.
 *
 * Returns whatever do_sigver_init() returns.
 */
int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                         const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
{
    const char *no_mdname = NULL;
    OSSL_LIB_CTX *no_libctx = NULL;
    const char *no_props = NULL;

    return do_sigver_init(ctx, pctx, type, no_mdname, no_libctx, no_props, e,
                          pkey, /* ver */ 1, NULL);
}
/*
 * Feed |dsize| bytes at |data| into the signing operation held by |ctx|.
 *
 * Provided path (the EVP_PKEY_CTX is in the SIGNCTX operation and carries
 * both an algorithm context and an EVP_SIGNATURE): the data goes to the
 * provider's digest_sign_update() and its return value is passed back
 * unchanged.
 *
 * Otherwise (legacy path): any pending digest_custom() call is made once,
 * then the data goes to EVP_DigestUpdate().
 *
 * Returns 0 with an error raised when |ctx| is already finalised, when the
 * provider has no digest_sign_update(), or when a legacy EVP_PKEY_CTX has no
 * method table.  A failing digest_custom() also returns 0, but this function
 * raises no error of its own in that case.
 */
int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
{
    EVP_PKEY_CTX *pkctx = ctx->pctx;

    /* No further input is accepted once the signature has been produced. */
    if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
        ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
        return 0;
    }

    if (pkctx != NULL
            && pkctx->operation == EVP_PKEY_OP_SIGNCTX
            && pkctx->op.sig.algctx != NULL
            && pkctx->op.sig.signature != NULL) {
        EVP_SIGNATURE *sig = pkctx->op.sig.signature;
        const char *descr = sig->description;
        int rv;

        if (descr == NULL)
            descr = "";

        if (sig->digest_sign_update == NULL) {
            ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
                           "%s digest_sign_update:%s", sig->type_name, descr);
            return 0;
        }

        /*
         * Only add the generic failure entry if the provider queued nothing
         * itself: an application that inspects just the last error entry
         * must still find the provider's specific error there.
         */
        ERR_set_mark();
        rv = sig->digest_sign_update(pkctx->op.sig.algctx, data, dsize);
        if (rv <= 0 && ERR_count_to_mark() == 0)
            ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
                           "%s digest_sign_update:%s", sig->type_name, descr);
        ERR_clear_last_mark();
        return rv;
    }

    /* Legacy path */
    if (pkctx != NULL) {
        /* A context without a method table cannot be used here at all. */
        if (pkctx->pmeth == NULL) {
            ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
            return 0;
        }
        /* do_sigver_init() checked that |digest_custom| is non-NULL */
        if (pkctx->flag_call_digest_custom
            && !pkctx->pmeth->digest_custom(pkctx, ctx))
            return 0;
        /* The custom hook runs at most once per initialisation. */
        pkctx->flag_call_digest_custom = 0;
    }

    return EVP_DigestUpdate(ctx, data, dsize);
}
/*
 * Feed |dsize| bytes at |data| into the verification operation held by
 * |ctx|.
 *
 * Provided path (the EVP_PKEY_CTX is in the VERIFYCTX operation and carries
 * both an algorithm context and an EVP_SIGNATURE): the data goes to the
 * provider's digest_verify_update() and its return value is passed back
 * unchanged.
 *
 * Otherwise (legacy path): any pending digest_custom() call is made once,
 * then the data goes to EVP_DigestUpdate().
 *
 * Returns 0 with an error raised when |ctx| is already finalised or when
 * the provider has no digest_verify_update().  A failing digest_custom()
 * also returns 0, but this function raises no error of its own in that case.
 */
int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
{
    EVP_PKEY_CTX *pkctx = ctx->pctx;

    /* No further input is accepted once verification has been finalised. */
    if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
        ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
        return 0;
    }

    if (pkctx != NULL
            && pkctx->operation == EVP_PKEY_OP_VERIFYCTX
            && pkctx->op.sig.algctx != NULL
            && pkctx->op.sig.signature != NULL) {
        EVP_SIGNATURE *sig = pkctx->op.sig.signature;
        const char *descr = sig->description;
        int rv;

        if (descr == NULL)
            descr = "";

        if (sig->digest_verify_update == NULL) {
            ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
                           "%s digest_verify_update:%s", sig->type_name, descr);
            return 0;
        }

        /*
         * Only add the generic failure entry if the provider queued nothing
         * itself: an application that inspects just the last error entry
         * must still find the provider's specific error there.
         */
        ERR_set_mark();
        rv = sig->digest_verify_update(pkctx->op.sig.algctx, data, dsize);
        if (rv <= 0 && ERR_count_to_mark() == 0)
            ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
                           "%s digest_verify_update:%s", sig->type_name, descr);
        ERR_clear_last_mark();
        return rv;
    }

    /* Legacy path */
    if (pkctx != NULL) {
        /*
         * NOTE(review): EVP_DigestSignUpdate() rejects a context whose
         * |pmeth| is NULL before reaching this point; no such check is made
         * here.  The dereference below is safe only as long as
         * |flag_call_digest_custom| is never set on a context without a
         * method table - confirm against do_sigver_init().
         */
        /* do_sigver_init() checked that |digest_custom| is non-NULL */
        if (pkctx->flag_call_digest_custom
            && !pkctx->pmeth->digest_custom(pkctx, ctx))
            return 0;
        /* The custom hook runs at most once per initialisation. */
        pkctx->flag_call_digest_custom = 0;
    }

    return EVP_DigestUpdate(ctx, data, dsize);
}
/*
 * Produce the signature over the data fed into |ctx| so far.
 *
 * |sigret| NULL is the length query of the EVP API: nothing is written to a
 * signature buffer and |ctx| is not marked as finalised.  With |sigret|
 * non-NULL, |*siglen| is read on the provided path and passed to the
 * provider as the size of the buffer at |sigret|, so the caller must have
 * set it beforehand.
 *
 * Provided path: digest_sign_final() runs on a duplicate of the
 * EVP_PKEY_CTX when EVP_MD_CTX_FLAG_FINALISE is not set and duplication
 * succeeds; in that case |ctx| is left un-finalised.  If no duplicate is in
 * use, |ctx| is marked EVP_MD_CTX_FLAG_FINALISED whether or not the provider
 * call succeeded.
 *
 * Legacy path: uses the method table's signctx() when present, otherwise
 * finishes the digest and signs it with EVP_PKEY_sign().  Without
 * EVP_MD_CTX_FLAG_FINALISE the work is done on a copy of the context.
 *
 * Returns the provider's / signctx()'s result where one is passed through,
 * 1 on success of the remaining legacy branches, and 0 on failure.
 */
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                        size_t *siglen)
{
    EVP_PKEY_CTX *pkctx = ctx->pctx;
    EVP_PKEY_CTX *dup_ctx = NULL;
    unsigned char md[EVP_MAX_MD_SIZE];
    unsigned int mdlen = 0;
    int use_signctx = 0;
    int rv = 0;

    /* A context that already produced its signature cannot do so again. */
    if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
        ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
        return 0;
    }

    if (pkctx != NULL
            && pkctx->operation == EVP_PKEY_OP_SIGNCTX
            && pkctx->op.sig.algctx != NULL
            && pkctx->op.sig.signature != NULL) {
        EVP_SIGNATURE *sig = pkctx->op.sig.signature;
        const char *descr = sig->description;

        if (descr == NULL)
            descr = "";

        if (sig->digest_sign_final == NULL) {
            ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
                           "%s digest_sign_final:%s", sig->type_name, descr);
            return 0;
        }

        if (sigret != NULL && (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) {
            /* try dup; on failure fall back to the original context */
            dup_ctx = EVP_PKEY_CTX_dup(pkctx);
            if (dup_ctx != NULL)
                pkctx = dup_ctx;
        }

        /*
         * Only add the generic failure entry if the provider queued nothing
         * itself: an application that inspects just the last error entry
         * must still find the provider's specific error there.
         *
         * NOTE(review): failure is tested with !rv here, while the update
         * functions test <= 0; a negative provider return would not get the
         * generic entry - confirm this is intended.
         */
        ERR_set_mark();
        rv = sig->digest_sign_final(pkctx->op.sig.algctx, sigret, siglen,
                                    sigret != NULL ? *siglen : 0);
        if (!rv && ERR_count_to_mark() == 0)
            ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
                           "%s digest_sign_final:%s", sig->type_name, descr);
        ERR_clear_last_mark();

        if (dup_ctx != NULL || sigret == NULL)
            EVP_PKEY_CTX_free(dup_ctx);
        else
            ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
        return rv;
    }

    /* Legacy path */
    if (pkctx == NULL || pkctx->pmeth == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
        return 0;
    }

    /* do_sigver_init() checked that |digest_custom| is non-NULL */
    if (pkctx->flag_call_digest_custom
        && !pkctx->pmeth->digest_custom(pkctx, ctx))
        return 0;
    pkctx->flag_call_digest_custom = 0;

    if (pkctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) {
        /* The method handles everything itself through signctx(). */
        if (sigret == NULL)
            return pkctx->pmeth->signctx(pkctx, sigret, siglen, ctx);

        if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) {
            dup_ctx = EVP_PKEY_CTX_dup(pkctx);
            if (dup_ctx == NULL)
                return 0;
            rv = dup_ctx->pmeth->signctx(dup_ctx, sigret, siglen, ctx);
            EVP_PKEY_CTX_free(dup_ctx);
        } else {
            rv = pkctx->pmeth->signctx(pkctx, sigret, siglen, ctx);
            ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
        }
        return rv;
    }

    use_signctx = pkctx->pmeth->signctx != NULL;

    if (sigret == NULL) {
        /* Length query: no digest is finalised. */
        if (use_signctx) {
            if (pkctx->pmeth->signctx(pkctx, sigret, siglen, ctx) <= 0)
                return 0;
        } else {
            int mdsize = EVP_MD_get_size(ctx->digest);

            if (mdsize <= 0
                || EVP_PKEY_sign(pkctx, sigret, siglen, NULL, mdsize) <= 0)
                return 0;
        }
        return 1;
    }

    if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) {
        rv = use_signctx ? pkctx->pmeth->signctx(pkctx, sigret, siglen, ctx)
                         : EVP_DigestFinal_ex(ctx, md, &mdlen);
    } else {
        /* Finish a copy rather than |ctx| itself. */
        EVP_MD_CTX *scratch = EVP_MD_CTX_new();

        if (scratch == NULL)
            return 0;
        if (!EVP_MD_CTX_copy_ex(scratch, ctx)) {
            EVP_MD_CTX_free(scratch);
            return 0;
        }
        rv = use_signctx
            ? scratch->pctx->pmeth->signctx(scratch->pctx, sigret, siglen,
                                            scratch)
            : EVP_DigestFinal_ex(scratch, md, &mdlen);
        EVP_MD_CTX_free(scratch);
    }

    /* signctx() already produced the signature; a failed digest ends here. */
    if (use_signctx || !rv)
        return rv;
    if (EVP_PKEY_sign(pkctx, sigret, siglen, md, mdlen) <= 0)
        return 0;
    return 1;
}
/*
 * One-shot signing of the |tbslen| bytes at |tbs|.
 *
 * If the provider (or, on the legacy path, the method table) offers a
 * one-shot digest-sign function, it is called directly and its result is
 * returned.  Otherwise the call is emulated with EVP_DigestSignUpdate()
 * followed by EVP_DigestSignFinal(); the update step is skipped when
 * |sigret| is NULL.
 *
 * On the provided one-shot path with |sigret| non-NULL, |ctx| is marked
 * EVP_MD_CTX_FLAG_FINALISED before the provider is called, and |*siglen| is
 * read and passed to the provider as the size of the buffer at |sigret|, so
 * the caller must have set it beforehand.
 *
 * Returns 0 with an error raised when |ctx| has no EVP_PKEY_CTX or is
 * already finalised.
 */
int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
                   const unsigned char *tbs, size_t tbslen)
{
    EVP_PKEY_CTX *pkctx = ctx->pctx;

    if (pkctx == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
        return 0;
    }

    if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
        ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
        return 0;
    }

    if (pkctx->operation != EVP_PKEY_OP_SIGNCTX
            || pkctx->op.sig.algctx == NULL
            || pkctx->op.sig.signature == NULL) {
        /* legacy */
        if (pkctx->pmeth != NULL && pkctx->pmeth->digestsign != NULL)
            return pkctx->pmeth->digestsign(ctx, sigret, siglen, tbs, tbslen);
    } else if (pkctx->op.sig.signature->digest_sign != NULL) {
        EVP_SIGNATURE *sig = pkctx->op.sig.signature;
        const char *descr = sig->description;
        int rv;

        if (descr == NULL)
            descr = "";

        if (sigret != NULL)
            ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;

        /*
         * Only add the generic failure entry if the provider queued nothing
         * itself: an application that inspects just the last error entry
         * must still find the provider's specific error there.
         */
        ERR_set_mark();
        rv = sig->digest_sign(pkctx->op.sig.algctx, sigret, siglen,
                              sigret != NULL ? *siglen : 0, tbs, tbslen);
        if (rv <= 0 && ERR_count_to_mark() == 0)
            ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
                           "%s digest_sign:%s", sig->type_name, descr);
        ERR_clear_last_mark();
        return rv;
    }

    /* No one-shot implementation available: emulate with update + final. */
    if (sigret != NULL && EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0)
        return 0;
    return EVP_DigestSignFinal(ctx, sigret, siglen);
}
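/*
 * Finish a digest-verify operation: check |sig| (|siglen| bytes) against the
 * data accumulated in |ctx|.
 *
 * Provider path: taken when |ctx->pctx| is set up for EVP_PKEY_OP_VERIFYCTX
 * with both a signature and an algorithm context; |sig| is handed to the
 * signature's digest_verify_final().  Everything else takes the legacy
 * |pmeth| path after the "legacy" label.
 *
 * Unless EVP_MD_CTX_FLAG_FINALISE is set, both paths try to work on a copy
 * (EVP_PKEY_CTX_dup() / EVP_MD_CTX_copy_ex()) so that |ctx| itself is not
 * finalised by this call.
 *
 * Return values visible here: the result of the underlying verify call; 0
 * when |ctx| is already finalised, has no usable legacy method, the provider
 * lacks digest_verify_final, or the legacy digest_custom hook fails; -1 when
 * the legacy path cannot create or copy its temporary context.  Because -1 is
 * a possible result, a caller that only tests the return value for non-zero
 * would accept that failure as a valid signature.
 */
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
                          size_t siglen)
{
    EVP_SIGNATURE *signature;
    const char *desc;
    int vctx = 0;
    unsigned int mdlen = 0;
    unsigned char md[EVP_MAX_MD_SIZE];
    int r = 0;
    EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx;

    /* A context that was already finalised must not be used again. */
    if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
        ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
        return 0;
    }

    if (pctx == NULL
            || pctx->operation != EVP_PKEY_OP_VERIFYCTX
            || pctx->op.sig.algctx == NULL
            || pctx->op.sig.signature == NULL)
        goto legacy;

    signature = pctx->op.sig.signature;
    desc = signature->description != NULL ? signature->description : "";
    if (signature->digest_verify_final == NULL) {
        ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
                       "%s digest_verify_final:%s", signature->type_name, desc);
        return 0;
    }

    if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) {
        /*
         * Try to verify on a duplicate.  If the dup fails, the original
         * context is used instead and |ctx| is marked finalised below.
         */
        dctx = EVP_PKEY_CTX_dup(pctx);
        if (dctx != NULL)
            pctx = dctx;
    }

    /*
     * Mark the error queue so that the generic failure entry is added only
     * when the provider did not queue an error of its own.  Any non-success
     * result (r <= 0) is treated as a failure here, matching the check that
     * EVP_DigestVerify() applies to digest_verify(); testing only for r == 0
     * would leave the queue empty when a provider returns a negative value
     * without raising an error.
     */
    ERR_set_mark();
    r = signature->digest_verify_final(pctx->op.sig.algctx, sig, siglen);
    if (r <= 0 && ERR_count_to_mark() == 0)
        ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
                       "%s digest_verify_final:%s", signature->type_name, desc);
    ERR_clear_last_mark();
    if (dctx == NULL)
        ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
    else
        EVP_PKEY_CTX_free(dctx);
    return r;

 legacy:
    if (pctx == NULL || pctx->pmeth == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
        return 0;
    }

    /* do_sigver_init() checked that |digest_custom| is non-NULL */
    if (pctx->flag_call_digest_custom
        && !ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx))
        return 0;
    pctx->flag_call_digest_custom = 0;

    /* A method with verifyctx() verifies directly from the digest context. */
    vctx = pctx->pmeth->verifyctx != NULL;

    /*
     * NOTE(review): |siglen| is narrowed from size_t to int for the legacy
     * verifyctx() method in both branches below; a length above INT_MAX would
     * not survive the cast.  Confirm that callers bound |siglen|.
     */
    if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
        if (vctx) {
            r = pctx->pmeth->verifyctx(pctx, sig, (int)siglen, ctx);
            ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
        } else
            r = EVP_DigestFinal_ex(ctx, md, &mdlen);
    } else {
        /* Finish on a copy so that |ctx| is left untouched. */
        EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();

        if (tmp_ctx == NULL)
            return -1;
        if (!EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) {
            EVP_MD_CTX_free(tmp_ctx);
            return -1;
        }
        if (vctx)
            r = tmp_ctx->pctx->pmeth->verifyctx(tmp_ctx->pctx,
                                                sig, (int)siglen, tmp_ctx);
        else
            r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen);
        EVP_MD_CTX_free(tmp_ctx);
    }

    /*
     * With verifyctx() |r| already is the verification result; otherwise |r|
     * only says whether the digest was computed, and a failure there ends the
     * call before any signature check.
     */
    if (vctx || !r)
        return r;
    return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen);
}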
/*
 * One-shot verification: check the signature |sigret| (|siglen| bytes) over
 * the message |tbs| (|tbslen| bytes).  Despite its name, |sigret| is an input
 * here.
 *
 * A provider signature with digest_verify(), or a legacy method with
 * digestverify(), handles the whole operation in a single call.  When neither
 * is available the message is fed through EVP_DigestVerifyUpdate() and the
 * signature is checked by EVP_DigestVerifyFinal().
 *
 * Return values visible here: -1 when |ctx| has no key context or the update
 * step fails, 0 when |ctx| is already finalised, otherwise whatever the
 * underlying verify call returns.  Because -1 is a possible result, a caller
 * that only tests the return value for non-zero would accept that failure as
 * a valid signature.
 */
int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                     size_t siglen, const unsigned char *tbs, size_t tbslen)
{
    EVP_PKEY_CTX *pkctx = ctx->pctx;
    int provided;

    if (pkctx == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
        return -1;
    }

    if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
        ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
        return 0;
    }

    /* Is this context backed by a provider signature implementation? */
    provided = pkctx->operation == EVP_PKEY_OP_VERIFYCTX
        && pkctx->op.sig.algctx != NULL
        && pkctx->op.sig.signature != NULL;

    if (!provided) {
        /* legacy */
        if (pkctx->pmeth != NULL && pkctx->pmeth->digestverify != NULL)
            return pkctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen);
    } else if (pkctx->op.sig.signature->digest_verify != NULL) {
        EVP_SIGNATURE *sigalg = pkctx->op.sig.signature;
        const char *descr = sigalg->description;
        int rv;

        if (descr == NULL)
            descr = "";

        /* The context is marked finalised before the provider is called. */
        ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;

        /*
         * Add the generic failure entry only when the provider left the error
         * queue untouched, so a provider-specific error stays the last entry.
         */
        ERR_set_mark();
        rv = sigalg->digest_verify(pkctx->op.sig.algctx, sigret, siglen,
                                   tbs, tbslen);
        if (rv <= 0 && ERR_count_to_mark() == 0)
            ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
                           "%s digest_verify:%s", sigalg->type_name, descr);
        ERR_clear_last_mark();
        return rv;
    }

    /* No one-shot implementation available: update, then final. */
    if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0)
        return -1;
    return EVP_DigestVerifyFinal(ctx, sigret, siglen);
}