mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

providers: Allow possible reinitialization in all signature algorithms

Browse Source 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16964)
This commit is contained in:
Tomas Mraz 2021-11-04 15:38:51 +01:00
parent 816f72d088
commit 3ffd23e952
6 changed files with 108 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
providers/implementations/signature/dsa_sig.c
View File

@ -189,22 +189,31 @@ static int dsa_signverify_init(void *vpdsactx, void *vdsa,
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
if (!ossl_prov_is_running()
|| pdsactx == NULL
|| vdsa == NULL
|| !DSA_up_ref(vdsa))
|| pdsactx == NULL)
return 0;
DSA_free(pdsactx->dsa);
pdsactx->dsa = vdsa;
if (vdsa == NULL && pdsactx->dsa == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
return 0;
}
if (vdsa != NULL) {
if (!ossl_dsa_check_key(pdsactx->libctx, vdsa,
operation == EVP_PKEY_OP_SIGN)) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
return 0;
}
if (!DSA_up_ref(vdsa))
return 0;
DSA_free(pdsactx->dsa);
pdsactx->dsa = vdsa;
}
pdsactx->operation = operation;
if (!dsa_set_ctx_params(pdsactx, params))
return 0;
if (!ossl_dsa_check_key(pdsactx->libctx, vdsa,
operation == EVP_PKEY_OP_SIGN)) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
return 0;
}
return 1;
}
@ -278,9 +287,12 @@ static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname,
return 0;
pdsactx->flag_allow_md = 0;
pdsactx->mdctx = EVP_MD_CTX_new();
if (pdsactx->mdctx == NULL)
goto error;
if (pdsactx->mdctx == NULL) {
pdsactx->mdctx = EVP_MD_CTX_new();
if (pdsactx->mdctx == NULL)
goto error;
}
if (!EVP_DigestInit_ex2(pdsactx->mdctx, pdsactx->md, params))
goto error;
@ -289,9 +301,7 @@ static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname,
error:
EVP_MD_CTX_free(pdsactx->mdctx);
EVP_MD_free(pdsactx->md);
pdsactx->mdctx = NULL;
pdsactx->md = NULL;
return 0;
}

36
providers/implementations/signature/ecdsa_sig.c
View File

@ -131,16 +131,29 @@ static int ecdsa_signverify_init(void *vctx, void *ec,
PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
if (!ossl_prov_is_running()
|| ctx == NULL
|| ec == NULL
|| !EC_KEY_up_ref(ec))
|| ctx == NULL)
return 0;
EC_KEY_free(ctx->ec);
ctx->ec = ec;
if (ec == NULL && ctx->ec == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
return 0;
}
if (ec != NULL) {
if (!ossl_ec_check_key(ctx->libctx, ec, operation == EVP_PKEY_OP_SIGN))
return 0;
if (!EC_KEY_up_ref(ec))
return 0;
EC_KEY_free(ctx->ec);
ctx->ec = ec;
}
ctx->operation = operation;
if (!ecdsa_set_ctx_params(ctx, params))
return 0;
return ossl_ec_check_key(ctx->libctx, ec, operation == EVP_PKEY_OP_SIGN);
return 1;
}
static int ecdsa_sign_init(void *vctx, void *ec, const OSSL_PARAM params[])
@ -279,18 +292,19 @@ static int ecdsa_digest_signverify_init(void *vctx, const char *mdname,
return 0;
ctx->flag_allow_md = 0;
ctx->mdctx = EVP_MD_CTX_new();
if (ctx->mdctx == NULL)
goto error;
if (ctx->mdctx == NULL) {
ctx->mdctx = EVP_MD_CTX_new();
if (ctx->mdctx == NULL)
goto error;
}
if (!EVP_DigestInit_ex2(ctx->mdctx, ctx->md, params))
goto error;
return 1;
error:
EVP_MD_CTX_free(ctx->mdctx);
EVP_MD_free(ctx->md);
ctx->mdctx = NULL;
ctx->md = NULL;
return 0;
}

9
providers/implementations/signature/eddsa_sig.c
View File

@ -100,6 +100,14 @@ static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname,
return 0;
}
if (edkey == NULL) {
if (peddsactx->key != NULL)
/* there is nothing to do on reinit */
return 1;
ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
return 0;
}
if (!ossl_ecx_key_up_ref(edkey)) {
ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
return 0;
@ -124,6 +132,7 @@ static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname,
default:
/* Should never happen */
ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
ossl_ecx_key_free(edkey);
return 0;
}
if (ret && WPACKET_finish(&pkt)) {

9
providers/implementations/signature/mac_legacy_sig.c
View File

@ -16,6 +16,7 @@
#include <openssl/core_names.h>
#include <openssl/params.h>
#include <openssl/err.h>
#include <openssl/proverr.h>
#ifndef FIPS_MODULE
# include <openssl/engine.h>
#endif
@ -101,10 +102,14 @@ static int mac_digest_sign_init(void *vpmacctx, const char *mdname, void *vkey,
const char *ciphername = NULL, *engine = NULL;
if (!ossl_prov_is_running()
|| pmacctx == NULL
|| (pmacctx->key == NULL && vkey == NULL))
|| pmacctx == NULL)
return 0;
if (pmacctx->key == NULL && vkey == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
return 0;
}
if (vkey != NULL) {
if (!ossl_mac_key_up_ref(vkey))
return 0;

31
providers/implementations/signature/rsa_sig.c
View File

@ -386,19 +386,24 @@ static int rsa_signverify_init(void *vprsactx, void *vrsa,
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
if (!ossl_prov_is_running())
if (!ossl_prov_is_running() || prsactx == NULL)
return 0;
if (prsactx == NULL || vrsa == NULL)
if (vrsa == NULL && prsactx->rsa == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
return 0;
}
if (!ossl_rsa_check_key(prsactx->libctx, vrsa, operation))
return 0;
if (vrsa != NULL) {
if (!ossl_rsa_check_key(prsactx->libctx, vrsa, operation))
return 0;
if (!RSA_up_ref(vrsa))
return 0;
RSA_free(prsactx->rsa);
prsactx->rsa = vrsa;
}
if (!RSA_up_ref(vrsa))
return 0;
RSA_free(prsactx->rsa);
prsactx->rsa = vrsa;
prsactx->operation = operation;
if (!rsa_set_ctx_params(prsactx, params))
@ -842,6 +847,7 @@ static int rsa_digest_signverify_init(void *vprsactx, const char *mdname,
if (!rsa_signverify_init(vprsactx, vrsa, params, operation))
return 0;
if (mdname != NULL
/* was rsa_setup_md already called in rsa_signverify_init()? */
&& (mdname[0] == '\0' || strcasecmp(prsactx->mdname, mdname) != 0)
@ -849,10 +855,11 @@ static int rsa_digest_signverify_init(void *vprsactx, const char *mdname,
return 0;
prsactx->flag_allow_md = 0;
prsactx->mdctx = EVP_MD_CTX_new();
if (prsactx->mdctx == NULL) {
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
goto error;
prsactx->mdctx = EVP_MD_CTX_new();
if (prsactx->mdctx == NULL)
goto error;
}
if (!EVP_DigestInit_ex2(prsactx->mdctx, prsactx->md, params))
@ -862,9 +869,7 @@ static int rsa_digest_signverify_init(void *vprsactx, const char *mdname,
error:
EVP_MD_CTX_free(prsactx->mdctx);
EVP_MD_free(prsactx->md);
prsactx->mdctx = NULL;
prsactx->md = NULL;
return 0;
}

33
providers/implementations/signature/sm2_sig.c
View File

@ -27,6 +27,7 @@
#include "internal/cryptlib.h"
#include "internal/sm3.h"
#include "prov/implementations.h"
#include "prov/providercommon.h"
#include "prov/provider_ctx.h"
#include "crypto/ec.h"
#include "crypto/sm2.h"
@ -97,6 +98,9 @@ static int sm2sig_set_mdname(PROV_SM2_CTX *psm2ctx, const char *mdname)
if (psm2ctx->md == NULL)
return 0;
if (mdname == NULL)
return 1;
if (strlen(mdname) >= sizeof(psm2ctx->mdname)
|| !EVP_MD_is_a(psm2ctx->md, mdname)) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, "digest=%s",
@ -131,10 +135,22 @@ static int sm2sig_signature_init(void *vpsm2ctx, void *ec,
{
PROV_SM2_CTX *psm2ctx = (PROV_SM2_CTX *)vpsm2ctx;
if (psm2ctx == NULL || ec == NULL || !EC_KEY_up_ref(ec))
if (!ossl_prov_is_running()
|| psm2ctx == NULL)
return 0;
EC_KEY_free(psm2ctx->ec);
psm2ctx->ec = ec;
if (ec == NULL && psm2ctx->ec == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
return 0;
}
if (ec != NULL) {
if (!EC_KEY_up_ref(ec))
return 0;
EC_KEY_free(psm2ctx->ec);
psm2ctx->ec = ec;
}
return sm2sig_set_ctx_params(psm2ctx, params);
}
@ -197,10 +213,11 @@ static int sm2sig_digest_signverify_init(void *vpsm2ctx, const char *mdname,
|| !sm2sig_set_mdname(ctx, mdname))
return ret;
EVP_MD_CTX_free(ctx->mdctx);
ctx->mdctx = EVP_MD_CTX_new();
if (ctx->mdctx == NULL)
goto error;
if (ctx->mdctx == NULL) {
ctx->mdctx = EVP_MD_CTX_new();
if (ctx->mdctx == NULL)
goto error;
}
md_nid = EVP_MD_get_type(ctx->md);
@ -228,8 +245,6 @@ static int sm2sig_digest_signverify_init(void *vpsm2ctx, const char *mdname,
ret = 1;
error:
if (!ret)
free_md(ctx);
return ret;
}