m_sigver.c 7.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204
  1. /* m_sigver.c */
  2. /*
  3. * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
  4. * 2006.
  5. */
  6. /* ====================================================================
  7. * Copyright (c) 2006,2007 The OpenSSL Project. All rights reserved.
  8. *
  9. * Redistribution and use in source and binary forms, with or without
  10. * modification, are permitted provided that the following conditions
  11. * are met:
  12. *
  13. * 1. Redistributions of source code must retain the above copyright
  14. * notice, this list of conditions and the following disclaimer.
  15. *
  16. * 2. Redistributions in binary form must reproduce the above copyright
  17. * notice, this list of conditions and the following disclaimer in
  18. * the documentation and/or other materials provided with the
  19. * distribution.
  20. *
  21. * 3. All advertising materials mentioning features or use of this
  22. * software must display the following acknowledgment:
  23. * "This product includes software developed by the OpenSSL Project
  24. * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  25. *
  26. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  27. * endorse or promote products derived from this software without
  28. * prior written permission. For written permission, please contact
  29. * licensing@OpenSSL.org.
  30. *
  31. * 5. Products derived from this software may not be called "OpenSSL"
  32. * nor may "OpenSSL" appear in their names without prior written
  33. * permission of the OpenSSL Project.
  34. *
  35. * 6. Redistributions of any form whatsoever must retain the following
  36. * acknowledgment:
  37. * "This product includes software developed by the OpenSSL Project
  38. * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  39. *
  40. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  41. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  42. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  43. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  44. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  45. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  46. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  47. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  49. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  50. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  51. * OF THE POSSIBILITY OF SUCH DAMAGE.
  52. * ====================================================================
  53. *
  54. * This product includes cryptographic software written by Eric Young
  55. * (eay@cryptsoft.com). This product includes software written by Tim
  56. * Hudson (tjh@cryptsoft.com).
  57. *
  58. */
  59. #include <stdio.h>
  60. #include "cryptlib.h"
  61. #include <openssl/evp.h>
  62. #include <openssl/objects.h>
  63. #include <openssl/x509.h>
  64. #include "evp_locl.h"
  65. static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
  66. const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey,
  67. int ver)
  68. {
  69. if (ctx->pctx == NULL)
  70. ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
  71. if (ctx->pctx == NULL)
  72. return 0;
  73. if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)) {
  74. if (type == NULL) {
  75. int def_nid;
  76. if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
  77. type = EVP_get_digestbynid(def_nid);
  78. }
  79. if (type == NULL) {
  80. EVPerr(EVP_F_DO_SIGVER_INIT, EVP_R_NO_DEFAULT_DIGEST);
  81. return 0;
  82. }
  83. }
  84. if (ver) {
  85. if (ctx->pctx->pmeth->verifyctx_init) {
  86. if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <= 0)
  87. return 0;
  88. ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX;
  89. } else if (EVP_PKEY_verify_init(ctx->pctx) <= 0)
  90. return 0;
  91. } else {
  92. if (ctx->pctx->pmeth->signctx_init) {
  93. if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0)
  94. return 0;
  95. ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX;
  96. } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0)
  97. return 0;
  98. }
  99. if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0)
  100. return 0;
  101. if (pctx)
  102. *pctx = ctx->pctx;
  103. if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)
  104. return 1;
  105. if (!EVP_DigestInit_ex(ctx, type, e))
  106. return 0;
  107. return 1;
  108. }
  109. int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
  110. const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
  111. {
  112. return do_sigver_init(ctx, pctx, type, e, pkey, 0);
  113. }
  114. int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
  115. const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
  116. {
  117. return do_sigver_init(ctx, pctx, type, e, pkey, 1);
  118. }
  119. int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
  120. size_t *siglen)
  121. {
  122. int sctx, r = 0;
  123. EVP_PKEY_CTX *pctx = ctx->pctx;
  124. if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) {
  125. EVP_PKEY_CTX *dctx;
  126. if (!sigret)
  127. return pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
  128. dctx = EVP_PKEY_CTX_dup(ctx->pctx);
  129. if (!dctx)
  130. return 0;
  131. r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx);
  132. EVP_PKEY_CTX_free(dctx);
  133. return r;
  134. }
  135. if (pctx->pmeth->signctx)
  136. sctx = 1;
  137. else
  138. sctx = 0;
  139. if (sigret) {
  140. EVP_MD_CTX tmp_ctx;
  141. unsigned char md[EVP_MAX_MD_SIZE];
  142. unsigned int mdlen;
  143. EVP_MD_CTX_init(&tmp_ctx);
  144. if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx))
  145. return 0;
  146. if (sctx)
  147. r = tmp_ctx.pctx->pmeth->signctx(tmp_ctx.pctx,
  148. sigret, siglen, &tmp_ctx);
  149. else
  150. r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen);
  151. EVP_MD_CTX_cleanup(&tmp_ctx);
  152. if (sctx || !r)
  153. return r;
  154. if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0)
  155. return 0;
  156. } else {
  157. if (sctx) {
  158. if (pctx->pmeth->signctx(pctx, sigret, siglen, ctx) <= 0)
  159. return 0;
  160. } else {
  161. int s = EVP_MD_size(ctx->digest);
  162. if (s < 0 || EVP_PKEY_sign(pctx, sigret, siglen, NULL, s) <= 0)
  163. return 0;
  164. }
  165. }
  166. return 1;
  167. }
  168. int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
  169. size_t siglen)
  170. {
  171. EVP_MD_CTX tmp_ctx;
  172. unsigned char md[EVP_MAX_MD_SIZE];
  173. int r;
  174. unsigned int mdlen;
  175. int vctx;
  176. if (ctx->pctx->pmeth->verifyctx)
  177. vctx = 1;
  178. else
  179. vctx = 0;
  180. EVP_MD_CTX_init(&tmp_ctx);
  181. if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx))
  182. return -1;
  183. if (vctx) {
  184. r = tmp_ctx.pctx->pmeth->verifyctx(tmp_ctx.pctx,
  185. sig, siglen, &tmp_ctx);
  186. } else
  187. r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen);
  188. EVP_MD_CTX_cleanup(&tmp_ctx);
  189. if (vctx || !r)
  190. return r;
  191. return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen);
  192. }