File: | out/../deps/openssl/openssl/crypto/evp/m_sigver.c |
Warning: | line 583, column 13 Access to field 'pmeth' results in a dereference of a null pointer (loaded from field 'pctx') |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* | |||
2 | * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. | |||
3 | * | |||
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |||
5 | * this file except in compliance with the License. You can obtain a copy | |||
6 | * in the file LICENSE in the source distribution or at | |||
7 | * https://www.openssl.org/source/license.html | |||
8 | */ | |||
9 | ||||
10 | #include <stdio.h> | |||
11 | #include "internal/cryptlib.h" | |||
12 | #include <openssl/evp.h> | |||
13 | #include <openssl/objects.h> | |||
14 | #include "crypto/evp.h" | |||
15 | #include "internal/provider.h" | |||
16 | #include "internal/numbers.h" /* includes SIZE_MAX */ | |||
17 | #include "evp_local.h" | |||
18 | ||||
19 | #ifndef FIPS_MODULE | |||
20 | ||||
21 | static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) | |||
22 | { | |||
23 | ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c" ,23,__func__), ERR_set_error)((6),(177),((void*)0)); | |||
24 | return 0; | |||
25 | } | |||
26 | ||||
27 | /* | |||
28 | * If we get the "NULL" md then the name comes back as "UNDEF". We want to use | |||
29 | * NULL for this. | |||
30 | */ | |||
31 | static const char *canon_mdname(const char *mdname) | |||
32 | { | |||
33 | if (mdname != NULL((void*)0) && strcmp(mdname, "UNDEF") == 0) | |||
34 | return NULL((void*)0); | |||
35 | ||||
36 | return mdname; | |||
37 | } | |||
38 | ||||
39 | static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, | |||
40 | const EVP_MD *type, const char *mdname, | |||
41 | OSSL_LIB_CTX *libctx, const char *props, | |||
42 | ENGINE *e, EVP_PKEY *pkey, int ver, | |||
43 | const OSSL_PARAM params[]) | |||
44 | { | |||
45 | EVP_PKEY_CTX *locpctx = NULL((void*)0); | |||
46 | EVP_SIGNATURE *signature = NULL((void*)0); | |||
47 | EVP_KEYMGMT *tmp_keymgmt = NULL((void*)0); | |||
48 | const OSSL_PROVIDER *tmp_prov = NULL((void*)0); | |||
49 | const char *supported_sig = NULL((void*)0); | |||
50 | char locmdname[80] = ""; /* 80 chars should be enough */ | |||
51 | void *provkey = NULL((void*)0); | |||
52 | int ret, iter, reinit = 1; | |||
53 | ||||
54 | if (ctx->algctx != NULL((void*)0)) { | |||
55 | if (!ossl_assert(ctx->digest != NULL)((ctx->digest != ((void*)0)) != 0)) { | |||
56 | ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c" ,56,__func__), ERR_set_error)((6),(134),((void*)0)); | |||
57 | return 0; | |||
58 | } | |||
59 | if (ctx->digest->freectx != NULL((void*)0)) | |||
60 | ctx->digest->freectx(ctx->algctx); | |||
61 | ctx->algctx = NULL((void*)0); | |||
62 | } | |||
63 | ||||
64 | if (ctx->pctx == NULL((void*)0)) { | |||
65 | reinit = 0; | |||
66 | if (e == NULL((void*)0)) | |||
67 | ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props); | |||
68 | else | |||
69 | ctx->pctx = EVP_PKEY_CTX_new(pkey, e); | |||
70 | } | |||
71 | if (ctx->pctx == NULL((void*)0)) | |||
72 | return 0; | |||
73 | ||||
74 | locpctx = ctx->pctx; | |||
75 | ERR_set_mark(); | |||
76 | ||||
77 | if (evp_pkey_ctx_is_legacy(locpctx)((locpctx)->keymgmt == ((void*)0))) | |||
78 | goto legacy; | |||
79 | ||||
80 | /* do not reinitialize if pkey is set or operation is different */ | |||
81 | if (reinit | |||
82 | && (pkey != NULL((void*)0) | |||
83 | || locpctx->operation != (ver ? EVP_PKEY_OP_VERIFYCTX(1<<8) | |||
84 | : EVP_PKEY_OP_SIGNCTX(1<<7)) | |||
85 | || (signature = locpctx->op.sig.signature) == NULL((void*)0) | |||
86 | || locpctx->op.sig.algctx == NULL((void*)0))) | |||
87 | reinit = 0; | |||
88 | ||||
89 | if (props == NULL((void*)0)) | |||
90 | props = locpctx->propquery; | |||
91 | ||||
92 | if (locpctx->pkey == NULL((void*)0)) { | |||
93 | ERR_clear_last_mark(); | |||
94 | ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c" ,94,__func__), ERR_set_error)((6),(154),((void*)0)); | |||
95 | goto err; | |||
96 | } | |||
97 | ||||
98 | if (!reinit) { | |||
99 | evp_pkey_ctx_free_old_ops(locpctx); | |||
100 | } else { | |||
101 | if (mdname == NULL((void*)0) && type == NULL((void*)0)) | |||
102 | mdname = canon_mdname(EVP_MD_get0_name(ctx->reqdigest)); | |||
103 | goto reinitialize; | |||
104 | } | |||
105 | ||||
106 | /* | |||
107 | * Try to derive the supported signature from |locpctx->keymgmt|. | |||
108 | */ | |||
109 | if (!ossl_assert(locpctx->pkey->keymgmt == NULL((locpctx->pkey->keymgmt == ((void*)0) || locpctx->pkey ->keymgmt == locpctx->keymgmt) != 0) | |||
110 | || locpctx->pkey->keymgmt == locpctx->keymgmt)((locpctx->pkey->keymgmt == ((void*)0) || locpctx->pkey ->keymgmt == locpctx->keymgmt) != 0)) { | |||
111 | ERR_clear_last_mark(); | |||
112 | ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c" ,112,__func__), ERR_set_error)((6),((259|((0x1 << 18L)| (0x2 << 18L)))),((void*)0)); | |||
113 | goto err; | |||
114 | } | |||
115 | supported_sig = evp_keymgmt_util_query_operation_name(locpctx->keymgmt, | |||
116 | OSSL_OP_SIGNATURE12); | |||
117 | if (supported_sig == NULL((void*)0)) { | |||
118 | ERR_clear_last_mark(); | |||
119 | ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c" ,119,__func__), ERR_set_error)((6),(134),((void*)0)); | |||
120 | goto err; | |||
121 | } | |||
122 | ||||
123 | /* | |||
124 | * We perform two iterations: | |||
125 | * | |||
126 | * 1. Do the normal signature fetch, using the fetching data given by | |||
127 | * the EVP_PKEY_CTX. | |||
128 | * 2. Do the provider specific signature fetch, from the same provider | |||
129 | * as |ctx->keymgmt| | |||
130 | * | |||
131 | * We then try to fetch the keymgmt from the same provider as the | |||
132 | * signature, and try to export |ctx->pkey| to that keymgmt (when | |||
133 | * this keymgmt happens to be the same as |ctx->keymgmt|, the export | |||
134 | * is a no-op, but we call it anyway to not complicate the code even | |||
135 | * more). | |||
136 | * If the export call succeeds (returns a non-NULL provider key pointer), | |||
137 | * we're done and can perform the operation itself. If not, we perform | |||
138 | * the second iteration, or jump to legacy. | |||
139 | */ | |||
140 | for (iter = 1, provkey = NULL((void*)0); iter < 3 && provkey == NULL((void*)0); iter++) { | |||
141 | EVP_KEYMGMT *tmp_keymgmt_tofree = NULL((void*)0); | |||
142 | ||||
143 | /* | |||
144 | * If we're on the second iteration, free the results from the first. | |||
145 | * They are NULL on the first iteration, so no need to check what | |||
146 | * iteration we're on. | |||
147 | */ | |||
148 | EVP_SIGNATURE_free(signature); | |||
149 | EVP_KEYMGMT_free(tmp_keymgmt); | |||
150 | ||||
151 | switch (iter) { | |||
152 | case 1: | |||
153 | signature = EVP_SIGNATURE_fetch(locpctx->libctx, supported_sig, | |||
154 | locpctx->propquery); | |||
155 | if (signature != NULL((void*)0)) | |||
156 | tmp_prov = EVP_SIGNATURE_get0_provider(signature); | |||
157 | break; | |||
158 | case 2: | |||
159 | tmp_prov = EVP_KEYMGMT_get0_provider(locpctx->keymgmt); | |||
160 | signature = | |||
161 | evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, | |||
162 | supported_sig, locpctx->propquery); | |||
163 | if (signature == NULL((void*)0)) | |||
164 | goto legacy; | |||
165 | break; | |||
166 | } | |||
167 | if (signature == NULL((void*)0)) | |||
168 | continue; | |||
169 | ||||
170 | /* | |||
171 | * Ensure that the key is provided, either natively, or as a cached | |||
172 | * export. We start by fetching the keymgmt with the same name as | |||
173 | * |locpctx->pkey|, but from the provider of the signature method, using | |||
174 | * the same property query as when fetching the signature method. | |||
175 | * With the keymgmt we found (if we did), we try to export |locpctx->pkey| | |||
176 | * to it (evp_pkey_export_to_provider() is smart enough to only actually | |||
177 | ||||
178 | * export it if |tmp_keymgmt| is different from |locpctx->pkey|'s keymgmt) | |||
179 | */ | |||
180 | tmp_keymgmt_tofree = tmp_keymgmt = | |||
181 | evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, | |||
182 | EVP_KEYMGMT_get0_name(locpctx->keymgmt), | |||
183 | locpctx->propquery); | |||
184 | if (tmp_keymgmt != NULL((void*)0)) | |||
185 | provkey = evp_pkey_export_to_provider(locpctx->pkey, locpctx->libctx, | |||
186 | &tmp_keymgmt, locpctx->propquery); | |||
187 | if (tmp_keymgmt == NULL((void*)0)) | |||
188 | EVP_KEYMGMT_free(tmp_keymgmt_tofree); | |||
189 | } | |||
190 | ||||
191 | if (provkey == NULL((void*)0)) { | |||
192 | EVP_SIGNATURE_free(signature); | |||
193 | ERR_clear_last_mark(); | |||
194 | ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c" ,194,__func__), ERR_set_error)((6),(134),((void*)0)); | |||
195 | goto err; | |||
196 | } | |||
197 | ||||
198 | ERR_pop_to_mark(); | |||
199 | ||||
200 | /* No more legacy from here down to legacy: */ | |||
201 | ||||
202 | locpctx->op.sig.signature = signature; | |||
203 | locpctx->operation = ver ? EVP_PKEY_OP_VERIFYCTX(1<<8) | |||
204 | : EVP_PKEY_OP_SIGNCTX(1<<7); | |||
205 | locpctx->op.sig.algctx | |||
206 | = signature->newctx(ossl_provider_ctx(signature->prov), props); | |||
207 | if (locpctx->op.sig.algctx == NULL((void*)0)) { | |||
208 | ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c" ,208,__func__), ERR_set_error)((6),(134),((void*)0)); | |||
209 | goto err; | |||
210 | } | |||
211 | ||||
212 | reinitialize: | |||
213 | if (pctx != NULL((void*)0)) | |||
214 | *pctx = locpctx; | |||
215 | ||||
216 | if (type != NULL((void*)0)) { | |||
217 | ctx->reqdigest = type; | |||
218 | if (mdname == NULL((void*)0)) | |||
219 | mdname = canon_mdname(EVP_MD_get0_name(type)); | |||
220 | } else { | |||
221 | if (mdname == NULL((void*)0) && !reinit) { | |||
222 | if (evp_keymgmt_util_get_deflt_digest_name(tmp_keymgmt, provkey, | |||
223 | locmdname, | |||
224 | sizeof(locmdname)) > 0) { | |||
225 | mdname = canon_mdname(locmdname); | |||
226 | } | |||
227 | } | |||
228 | ||||
229 | if (mdname != NULL((void*)0)) { | |||
230 | /* | |||
231 | * We're about to get a new digest so clear anything associated with | |||
232 | * an old digest. | |||
233 | */ | |||
234 | evp_md_ctx_clear_digest(ctx, 1, 0); | |||
235 | ||||
236 | /* legacy code support for engines */ | |||
237 | ERR_set_mark(); | |||
238 | /* | |||
239 | * This might be requested by a later call to EVP_MD_CTX_get0_md(). | |||
240 | * In that case the "explicit fetch" rules apply for that | |||
241 | * function (as per man pages), i.e. the ref count is not updated | |||
242 | * so the EVP_MD should not be used beyound the lifetime of the | |||
243 | * EVP_MD_CTX. | |||
244 | */ | |||
245 | ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props); | |||
246 | if (ctx->fetched_digest != NULL((void*)0)) { | |||
247 | ctx->digest = ctx->reqdigest = ctx->fetched_digest; | |||
248 | } else { | |||
249 | /* legacy engine support : remove the mark when this is deleted */ | |||
250 | ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname); | |||
251 | if (ctx->digest == NULL((void*)0)) { | |||
252 | (void)ERR_clear_last_mark(); | |||
253 | ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c" ,253,__func__), ERR_set_error)((6),(134),((void*)0)); | |||
254 | goto err; | |||
255 | } | |||
256 | } | |||
257 | (void)ERR_pop_to_mark(); | |||
258 | } | |||
259 | } | |||
260 | ||||
261 | if (ver) { | |||
262 | if (signature->digest_verify_init == NULL((void*)0)) { | |||
263 | ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c" ,263,__func__), ERR_set_error)((6),(134),((void*)0)); | |||
264 | goto err; | |||
265 | } | |||
266 | ret = signature->digest_verify_init(locpctx->op.sig.algctx, | |||
267 | mdname, provkey, params); | |||
268 | } else { | |||
269 | if (signature->digest_sign_init == NULL((void*)0)) { | |||
270 | ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c" ,270,__func__), ERR_set_error)((6),(134),((void*)0)); | |||
271 | goto err; | |||
272 | } | |||
273 | ret = signature->digest_sign_init(locpctx->op.sig.algctx, | |||
274 | mdname, provkey, params); | |||
275 | } | |||
276 | ||||
277 | /* | |||
278 | * If the operation was not a success and no digest was found, an error | |||
279 | * needs to be raised. | |||
280 | */ | |||
281 | if (ret > 0 || mdname != NULL((void*)0)) | |||
282 | goto end; | |||
283 | if (type == NULL((void*)0)) /* This check is redundant but clarifies matters */ | |||
284 | ERR_raise(ERR_LIB_EVP, EVP_R_NO_DEFAULT_DIGEST)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c" ,284,__func__), ERR_set_error)((6),(158),((void*)0)); | |||
285 | ||||
286 | err: | |||
287 | evp_pkey_ctx_free_old_ops(locpctx); | |||
288 | locpctx->operation = EVP_PKEY_OP_UNDEFINED0; | |||
289 | EVP_KEYMGMT_free(tmp_keymgmt); | |||
290 | return 0; | |||
291 | ||||
292 | legacy: | |||
293 | /* | |||
294 | * If we don't have the full support we need with provided methods, | |||
295 | * let's go see if legacy does. | |||
296 | */ | |||
297 | ERR_pop_to_mark(); | |||
298 | EVP_KEYMGMT_free(tmp_keymgmt); | |||
299 | tmp_keymgmt = NULL((void*)0); | |||
300 | ||||
301 | if (type == NULL((void*)0) && mdname != NULL((void*)0)) | |||
302 | type = evp_get_digestbyname_ex(locpctx->libctx, mdname); | |||
303 | ||||
304 | if (ctx->pctx->pmeth == NULL((void*)0)) { | |||
305 | ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c" ,305,__func__), ERR_set_error)((6),(150),((void*)0)); | |||
306 | return 0; | |||
307 | } | |||
308 | ||||
309 | if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM4)) { | |||
310 | ||||
311 | if (type == NULL((void*)0)) { | |||
312 | int def_nid; | |||
313 | if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0) | |||
314 | type = EVP_get_digestbynid(def_nid)EVP_get_digestbyname(OBJ_nid2sn(def_nid)); | |||
315 | } | |||
316 | ||||
317 | if (type == NULL((void*)0)) { | |||
318 | ERR_raise(ERR_LIB_EVP, EVP_R_NO_DEFAULT_DIGEST)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c" ,318,__func__), ERR_set_error)((6),(158),((void*)0)); | |||
319 | return 0; | |||
320 | } | |||
321 | } | |||
322 | ||||
323 | if (ver) { | |||
324 | if (ctx->pctx->pmeth->verifyctx_init) { | |||
325 | if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <= 0) | |||
326 | return 0; | |||
327 | ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX(1<<8); | |||
328 | } else if (ctx->pctx->pmeth->digestverify != 0) { | |||
329 | ctx->pctx->operation = EVP_PKEY_OP_VERIFY(1<<5); | |||
330 | ctx->update = update; | |||
331 | } else if (EVP_PKEY_verify_init(ctx->pctx) <= 0) { | |||
332 | return 0; | |||
333 | } | |||
334 | } else { | |||
335 | if (ctx->pctx->pmeth->signctx_init) { | |||
336 | if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0) | |||
337 | return 0; | |||
338 | ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX(1<<7); | |||
339 | } else if (ctx->pctx->pmeth->digestsign != 0) { | |||
340 | ctx->pctx->operation = EVP_PKEY_OP_SIGN(1<<4); | |||
341 | ctx->update = update; | |||
342 | } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0) { | |||
343 | return 0; | |||
344 | } | |||
345 | } | |||
346 | if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0) | |||
347 | return 0; | |||
348 | if (pctx) | |||
349 | *pctx = ctx->pctx; | |||
350 | if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM4) | |||
351 | return 1; | |||
352 | if (!EVP_DigestInit_ex(ctx, type, e)) | |||
353 | return 0; | |||
354 | /* | |||
355 | * This indicates the current algorithm requires | |||
356 | * special treatment before hashing the tbs-message. | |||
357 | */ | |||
358 | ctx->pctx->flag_call_digest_custom = 0; | |||
359 | if (ctx->pctx->pmeth->digest_custom != NULL((void*)0)) | |||
360 | ctx->pctx->flag_call_digest_custom = 1; | |||
361 | ||||
362 | ret = 1; | |||
363 | ||||
364 | end: | |||
365 | #ifndef FIPS_MODULE | |||
366 | if (ret > 0) | |||
367 | ret = evp_pkey_ctx_use_cached_data(locpctx); | |||
368 | #endif | |||
369 | ||||
370 | EVP_KEYMGMT_free(tmp_keymgmt); | |||
371 | return ret > 0 ? 1 : 0; | |||
372 | } | |||
373 | ||||
374 | int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, | |||
375 | const char *mdname, OSSL_LIB_CTX *libctx, | |||
376 | const char *props, EVP_PKEY *pkey, | |||
377 | const OSSL_PARAM params[]) | |||
378 | { | |||
379 | return do_sigver_init(ctx, pctx, NULL((void*)0), mdname, libctx, props, NULL((void*)0), pkey, 0, | |||
380 | params); | |||
381 | } | |||
382 | ||||
383 | int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, | |||
384 | const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) | |||
385 | { | |||
386 | return do_sigver_init(ctx, pctx, type, NULL((void*)0), NULL((void*)0), NULL((void*)0), e, pkey, 0, | |||
387 | NULL((void*)0)); | |||
388 | } | |||
389 | ||||
390 | int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, | |||
391 | const char *mdname, OSSL_LIB_CTX *libctx, | |||
392 | const char *props, EVP_PKEY *pkey, | |||
393 | const OSSL_PARAM params[]) | |||
394 | { | |||
395 | return do_sigver_init(ctx, pctx, NULL((void*)0), mdname, libctx, props, NULL((void*)0), pkey, 1, | |||
396 | params); | |||
397 | } | |||
398 | ||||
399 | int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, | |||
400 | const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) | |||
401 | { | |||
402 | return do_sigver_init(ctx, pctx, type, NULL((void*)0), NULL((void*)0), NULL((void*)0), e, pkey, 1, | |||
403 | NULL((void*)0)); | |||
404 | } | |||
405 | #endif /* FIPS_MDOE */ | |||
406 | ||||
407 | int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) | |||
408 | { | |||
409 | EVP_PKEY_CTX *pctx = ctx->pctx; | |||
410 | ||||
411 | if (pctx == NULL((void*)0) | |||
412 | || pctx->operation != EVP_PKEY_OP_SIGNCTX(1<<7) | |||
413 | || pctx->op.sig.algctx == NULL((void*)0) | |||
414 | || pctx->op.sig.signature == NULL((void*)0)) | |||
415 | goto legacy; | |||
416 | ||||
417 | if (pctx->op.sig.signature->digest_sign_update == NULL((void*)0)) { | |||
418 | ERR_raise(ERR_LIB_EVP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c" ,418,__func__), ERR_set_error)((6),((257|((0x1 << 18L)| (0x2 << 18L)))),((void*)0)); | |||
419 | return 0; | |||
420 | } | |||
421 | ||||
422 | return pctx->op.sig.signature->digest_sign_update(pctx->op.sig.algctx, | |||
423 | data, dsize); | |||
424 | ||||
425 | legacy: | |||
426 | if (pctx != NULL((void*)0)) { | |||
427 | /* do_sigver_init() checked that |digest_custom| is non-NULL */ | |||
428 | if (pctx->flag_call_digest_custom | |||
429 | && !ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx)) | |||
430 | return 0; | |||
431 | pctx->flag_call_digest_custom = 0; | |||
432 | } | |||
433 | ||||
434 | return EVP_DigestUpdate(ctx, data, dsize); | |||
435 | } | |||
436 | ||||
437 | int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) | |||
438 | { | |||
439 | EVP_PKEY_CTX *pctx = ctx->pctx; | |||
440 | ||||
441 | if (pctx == NULL((void*)0) | |||
442 | || pctx->operation != EVP_PKEY_OP_VERIFYCTX(1<<8) | |||
443 | || pctx->op.sig.algctx == NULL((void*)0) | |||
444 | || pctx->op.sig.signature == NULL((void*)0)) | |||
445 | goto legacy; | |||
446 | ||||
447 | if (pctx->op.sig.signature->digest_verify_update == NULL((void*)0)) { | |||
448 | ERR_raise(ERR_LIB_EVP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c" ,448,__func__), ERR_set_error)((6),((257|((0x1 << 18L)| (0x2 << 18L)))),((void*)0)); | |||
449 | return 0; | |||
450 | } | |||
451 | ||||
452 | return pctx->op.sig.signature->digest_verify_update(pctx->op.sig.algctx, | |||
453 | data, dsize); | |||
454 | ||||
455 | legacy: | |||
456 | if (pctx != NULL((void*)0)) { | |||
457 | /* do_sigver_init() checked that |digest_custom| is non-NULL */ | |||
458 | if (pctx->flag_call_digest_custom | |||
459 | && !ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx)) | |||
460 | return 0; | |||
461 | pctx->flag_call_digest_custom = 0; | |||
462 | } | |||
463 | ||||
464 | return EVP_DigestUpdate(ctx, data, dsize); | |||
465 | } | |||
466 | ||||
467 | #ifndef FIPS_MODULE | |||
468 | int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, | |||
469 | size_t *siglen) | |||
470 | { | |||
471 | int sctx = 0, r = 0; | |||
472 | EVP_PKEY_CTX *dctx, *pctx = ctx->pctx; | |||
473 | ||||
474 | if (pctx == NULL((void*)0) | |||
475 | || pctx->operation != EVP_PKEY_OP_SIGNCTX(1<<7) | |||
476 | || pctx->op.sig.algctx == NULL((void*)0) | |||
477 | || pctx->op.sig.signature == NULL((void*)0)) | |||
478 | goto legacy; | |||
479 | ||||
480 | if (sigret == NULL((void*)0) || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE0x0200) != 0) | |||
481 | return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, | |||
482 | sigret, siglen, | |||
483 | sigret == NULL((void*)0) ? 0 : *siglen); | |||
484 | dctx = EVP_PKEY_CTX_dup(pctx); | |||
485 | if (dctx == NULL((void*)0)) | |||
486 | return 0; | |||
487 | ||||
488 | r = dctx->op.sig.signature->digest_sign_final(dctx->op.sig.algctx, | |||
489 | sigret, siglen, | |||
490 | *siglen); | |||
491 | EVP_PKEY_CTX_free(dctx); | |||
492 | return r; | |||
493 | ||||
494 | legacy: | |||
495 | if (pctx == NULL((void*)0) || pctx->pmeth == NULL((void*)0)) { | |||
496 | ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c" ,496,__func__), ERR_set_error)((6),(134),((void*)0)); | |||
497 | return 0; | |||
498 | } | |||
499 | ||||
500 | /* do_sigver_init() checked that |digest_custom| is non-NULL */ | |||
501 | if (pctx->flag_call_digest_custom | |||
502 | && !ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx)) | |||
503 | return 0; | |||
504 | pctx->flag_call_digest_custom = 0; | |||
505 | ||||
506 | if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM4) { | |||
507 | if (sigret == NULL((void*)0)) | |||
508 | return pctx->pmeth->signctx(pctx, sigret, siglen, ctx); | |||
509 | if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE0x0200) | |||
510 | r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx); | |||
511 | else { | |||
512 | dctx = EVP_PKEY_CTX_dup(pctx); | |||
513 | if (dctx == NULL((void*)0)) | |||
514 | return 0; | |||
515 | r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx); | |||
516 | EVP_PKEY_CTX_free(dctx); | |||
517 | } | |||
518 | return r; | |||
519 | } | |||
520 | if (pctx->pmeth->signctx != NULL((void*)0)) | |||
521 | sctx = 1; | |||
522 | else | |||
523 | sctx = 0; | |||
524 | if (sigret != NULL((void*)0)) { | |||
525 | unsigned char md[EVP_MAX_MD_SIZE64]; | |||
526 | unsigned int mdlen = 0; | |||
527 | ||||
528 | if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE0x0200) { | |||
529 | if (sctx) | |||
530 | r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx); | |||
531 | else | |||
532 | r = EVP_DigestFinal_ex(ctx, md, &mdlen); | |||
533 | } else { | |||
534 | EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); | |||
535 | ||||
536 | if (tmp_ctx == NULL((void*)0)) | |||
537 | return 0; | |||
538 | if (!EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) { | |||
539 | EVP_MD_CTX_free(tmp_ctx); | |||
540 | return 0; | |||
541 | } | |||
542 | if (sctx) | |||
543 | r = tmp_ctx->pctx->pmeth->signctx(tmp_ctx->pctx, | |||
544 | sigret, siglen, tmp_ctx); | |||
545 | else | |||
546 | r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen); | |||
547 | EVP_MD_CTX_free(tmp_ctx); | |||
548 | } | |||
549 | if (sctx || !r) | |||
550 | return r; | |||
551 | if (EVP_PKEY_sign(pctx, sigret, siglen, md, mdlen) <= 0) | |||
552 | return 0; | |||
553 | } else { | |||
554 | if (sctx) { | |||
555 | if (pctx->pmeth->signctx(pctx, sigret, siglen, ctx) <= 0) | |||
556 | return 0; | |||
557 | } else { | |||
558 | int s = EVP_MD_get_size(ctx->digest); | |||
559 | ||||
560 | if (s < 0 || EVP_PKEY_sign(pctx, sigret, siglen, NULL((void*)0), s) <= 0) | |||
561 | return 0; | |||
562 | } | |||
563 | } | |||
564 | return 1; | |||
565 | } | |||
566 | ||||
567 | int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, | |||
568 | const unsigned char *tbs, size_t tbslen) | |||
569 | { | |||
570 | EVP_PKEY_CTX *pctx = ctx->pctx; | |||
571 | ||||
572 | if (pctx != NULL((void*)0) | |||
| ||||
573 | && pctx->operation == EVP_PKEY_OP_SIGNCTX(1<<7) | |||
574 | && pctx->op.sig.algctx != NULL((void*)0) | |||
575 | && pctx->op.sig.signature != NULL((void*)0)) { | |||
576 | if (pctx->op.sig.signature->digest_sign != NULL((void*)0)) | |||
577 | return pctx->op.sig.signature->digest_sign(pctx->op.sig.algctx, | |||
578 | sigret, siglen, | |||
579 | sigret == NULL((void*)0) ? 0 : *siglen, | |||
580 | tbs, tbslen); | |||
581 | } else { | |||
582 | /* legacy */ | |||
583 | if (ctx->pctx->pmeth != NULL((void*)0) && ctx->pctx->pmeth->digestsign != NULL((void*)0)) | |||
| ||||
584 | return ctx->pctx->pmeth->digestsign(ctx, sigret, siglen, tbs, tbslen); | |||
585 | } | |||
586 | ||||
587 | if (sigret != NULL((void*)0) && EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0) | |||
588 | return 0; | |||
589 | return EVP_DigestSignFinal(ctx, sigret, siglen); | |||
590 | } | |||
591 | ||||
592 | int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, | |||
593 | size_t siglen) | |||
594 | { | |||
595 | unsigned char md[EVP_MAX_MD_SIZE64]; | |||
596 | int r = 0; | |||
597 | unsigned int mdlen = 0; | |||
598 | int vctx = 0; | |||
599 | EVP_PKEY_CTX *dctx, *pctx = ctx->pctx; | |||
600 | ||||
601 | if (pctx == NULL((void*)0) | |||
602 | || pctx->operation != EVP_PKEY_OP_VERIFYCTX(1<<8) | |||
603 | || pctx->op.sig.algctx == NULL((void*)0) | |||
604 | || pctx->op.sig.signature == NULL((void*)0)) | |||
605 | goto legacy; | |||
606 | ||||
607 | if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE0x0200) != 0) | |||
608 | return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx, | |||
609 | sig, siglen); | |||
610 | dctx = EVP_PKEY_CTX_dup(pctx); | |||
611 | if (dctx == NULL((void*)0)) | |||
612 | return 0; | |||
613 | ||||
614 | r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx, | |||
615 | sig, siglen); | |||
616 | EVP_PKEY_CTX_free(dctx); | |||
617 | return r; | |||
618 | ||||
619 | legacy: | |||
620 | if (pctx == NULL((void*)0) || pctx->pmeth == NULL((void*)0)) { | |||
621 | ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c" ,621,__func__), ERR_set_error)((6),(134),((void*)0)); | |||
622 | return 0; | |||
623 | } | |||
624 | ||||
625 | /* do_sigver_init() checked that |digest_custom| is non-NULL */ | |||
626 | if (pctx->flag_call_digest_custom | |||
627 | && !ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx)) | |||
628 | return 0; | |||
629 | pctx->flag_call_digest_custom = 0; | |||
630 | ||||
631 | if (pctx->pmeth->verifyctx != NULL((void*)0)) | |||
632 | vctx = 1; | |||
633 | else | |||
634 | vctx = 0; | |||
635 | if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE0x0200) { | |||
636 | if (vctx) | |||
637 | r = pctx->pmeth->verifyctx(pctx, sig, siglen, ctx); | |||
638 | else | |||
639 | r = EVP_DigestFinal_ex(ctx, md, &mdlen); | |||
640 | } else { | |||
641 | EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); | |||
642 | if (tmp_ctx == NULL((void*)0)) | |||
643 | return -1; | |||
644 | if (!EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) { | |||
645 | EVP_MD_CTX_free(tmp_ctx); | |||
646 | return -1; | |||
647 | } | |||
648 | if (vctx) | |||
649 | r = tmp_ctx->pctx->pmeth->verifyctx(tmp_ctx->pctx, | |||
650 | sig, siglen, tmp_ctx); | |||
651 | else | |||
652 | r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen); | |||
653 | EVP_MD_CTX_free(tmp_ctx); | |||
654 | } | |||
655 | if (vctx || !r) | |||
656 | return r; | |||
657 | return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen); | |||
658 | } | |||
659 | ||||
660 | int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, | |||
661 | size_t siglen, const unsigned char *tbs, size_t tbslen) | |||
662 | { | |||
663 | EVP_PKEY_CTX *pctx = ctx->pctx; | |||
664 | ||||
665 | if (pctx != NULL((void*)0) | |||
666 | && pctx->operation == EVP_PKEY_OP_VERIFYCTX(1<<8) | |||
667 | && pctx->op.sig.algctx != NULL((void*)0) | |||
668 | && pctx->op.sig.signature != NULL((void*)0)) { | |||
669 | if (pctx->op.sig.signature->digest_verify != NULL((void*)0)) | |||
670 | return pctx->op.sig.signature->digest_verify(pctx->op.sig.algctx, | |||
671 | sigret, siglen, | |||
672 | tbs, tbslen); | |||
673 | } else { | |||
674 | /* legacy */ | |||
675 | if (ctx->pctx->pmeth != NULL((void*)0) && ctx->pctx->pmeth->digestverify != NULL((void*)0)) | |||
676 | return ctx->pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen); | |||
677 | } | |||
678 | ||||
679 | if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0) | |||
680 | return -1; | |||
681 | return EVP_DigestVerifyFinal(ctx, sigret, siglen); | |||
682 | } | |||
683 | #endif /* FIPS_MODULE */ |