diff options
Diffstat (limited to 'crypto/evp/m_sigver.c')
| -rw-r--r-- | crypto/evp/m_sigver.c | 74 |
1 files changed, 63 insertions, 11 deletions
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 3a979f4bd4..8845148176 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,12 +17,12 @@ #include "evp_local.h" #ifndef FIPS_MODULE - static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) { ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED); return 0; } +#endif /* * If we get the "NULL" md then the name comes back as "UNDEF". We want to use @@ -58,8 +58,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, reinit = 0; if (e == NULL) ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props); +#ifndef FIPS_MODULE else ctx->pctx = EVP_PKEY_CTX_new(pkey, e); +#endif } if (ctx->pctx == NULL) return 0; @@ -241,6 +243,11 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, if (ctx->fetched_digest != NULL) { ctx->digest = ctx->reqdigest = ctx->fetched_digest; } else { +#ifdef FIPS_MODULE + (void)ERR_clear_last_mark(); + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + goto err; +#else /* legacy engine support : remove the mark when this is deleted */ ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname); if (ctx->digest == NULL) { @@ -248,6 +255,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); goto err; } +#endif } (void)ERR_pop_to_mark(); } @@ -293,6 +301,9 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, EVP_KEYMGMT_free(tmp_keymgmt); tmp_keymgmt = NULL; +#ifdef FIPS_MODULE + return 0; +#else if (type == NULL && mdname != NULL) type = evp_get_digestbyname_ex(locpctx->libctx, mdname); @@ -355,7 +366,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, ctx->pctx->flag_call_digest_custom = 1; ret = 1; - +#endif end: #ifndef FIPS_MODULE if (ret > 0) @@ -375,12 +386,14 @@ int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, params); } +#ifndef FIPS_MODULE int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) { return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 0, NULL); } +#endif int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const char *mdname, OSSL_LIB_CTX *libctx, @@ -391,13 +404,14 @@ int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, params); } +#ifndef FIPS_MODULE int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) { return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1, NULL); } -#endif /* FIPS_MDOE */ +#endif /* FIPS_MODULE */ int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) { @@ -423,6 +437,10 @@ int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) data, dsize); legacy: +#ifdef FIPS_MODULE + ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR); + return 0; +#else if (pctx != NULL) { /* do_sigver_init() checked that |digest_custom| is non-NULL */ if (pctx->flag_call_digest_custom @@ -432,6 +450,7 @@ int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) } return EVP_DigestUpdate(ctx, data, dsize); +#endif } int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) @@ -458,6 +477,10 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) data, dsize); legacy: +#ifdef FIPS_MODULE + ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR); + return 0; +#else if (pctx != NULL) { /* do_sigver_init() checked that |digest_custom| is non-NULL */ if (pctx->flag_call_digest_custom @@ -467,13 +490,16 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) } return EVP_DigestUpdate(ctx, data, dsize); +#endif } -#ifndef FIPS_MODULE int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen) { - int sctx = 0, r = 0; +#ifndef FIPS_MODULE + int sctx = 0; +#endif + int r = 0; EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx; if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) { @@ -487,12 +513,14 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, || pctx->op.sig.signature == NULL) goto legacy; +#ifndef FIPS_MODULE if (sigret != NULL && (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) { /* try dup */ dctx = EVP_PKEY_CTX_dup(pctx); if (dctx != NULL) pctx = dctx; } +#endif r = pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, sigret, siglen, sigret == NULL ? 0 : *siglen); @@ -503,6 +531,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, return r; legacy: +#ifdef FIPS_MODULE + ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR); + return 0; +#else if (pctx == NULL || pctx->pmeth == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); return 0; @@ -569,11 +601,12 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, } else { int s = EVP_MD_get_size(ctx->digest); - if (s < 0 || EVP_PKEY_sign(pctx, sigret, siglen, NULL, s) <= 0) + if (s <= 0 || EVP_PKEY_sign(pctx, sigret, siglen, NULL, s) <= 0) return 0; } } return 1; +#endif } int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, @@ -598,6 +631,11 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, sigret == NULL ? 0 : *siglen, tbs, tbslen); } +#ifdef FIPS_MODULE + } + ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); + return 0; +#else } else { /* legacy */ if (ctx->pctx->pmeth != NULL && ctx->pctx->pmeth->digestsign != NULL) @@ -607,15 +645,18 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, if (sigret != NULL && EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0) return 0; return EVP_DigestSignFinal(ctx, sigret, siglen); +#endif } int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen) { +#ifndef FIPS_MODULE + int vctx = 0; + unsigned int mdlen = 0; unsigned char md[EVP_MAX_MD_SIZE]; +#endif int r = 0; - unsigned int mdlen = 0; - int vctx = 0; EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx; if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) { @@ -629,12 +670,14 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, || pctx->op.sig.signature == NULL) goto legacy; +#ifndef FIPS_MODULE if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) { /* try dup */ dctx = EVP_PKEY_CTX_dup(pctx); if (dctx != NULL) pctx = dctx; } +#endif r = pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx, sig, siglen); if (dctx == NULL) @@ -644,6 +687,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, return r; legacy: +#ifdef FIPS_MODULE + ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR); + return 0; +#else if (pctx == NULL || pctx->pmeth == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); return 0; @@ -683,6 +730,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, if (vctx || !r) return r; return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen); +#endif } int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, @@ -705,14 +753,18 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, sigret, siglen, tbs, tbslen); } +#ifdef FIPS_MODULE + } + ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); + return 0; +#else } else { /* legacy */ if (ctx->pctx->pmeth != NULL && ctx->pctx->pmeth->digestverify != NULL) return ctx->pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen); } - if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0) return -1; return EVP_DigestVerifyFinal(ctx, sigret, siglen); +#endif } -#endif /* FIPS_MODULE */ |