Implement functionality for direct use of composite signature algorithms

The following API groups are extended with a new init function, as well
as an update and final function, to allow the use of explicitly fetched
signature implementations for any composite signature algorithm, like
"sha1WithRSAEncryption":

- EVP_PKEY_sign
- EVP_PKEY_verify
- EVP_PKEY_verify_recover

To support this, providers are required to add a few new functions, not
the least one that declares what key types an signature implementation
supports.

While at this, the validity check in evp_signature_from_algorithm() is
also refactored; the SIGNATURE provider functionality is too complex for
counters.  It's better, or at least more readable, to check function
combinations.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23416)

1 files changed, 10 insertions, 0 deletions

diff --git a/util/libcrypto.num b/util/libcrypto.num
index ef11c0302e..57c1e4686c 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5716,3 +5716,13 @@ OSSL_BASIC_ATTR_CONSTRAINTS_free        ?	3_4_0	EXIST::FUNCTION:
 OSSL_BASIC_ATTR_CONSTRAINTS_new         ?	3_4_0	EXIST::FUNCTION:
 OSSL_BASIC_ATTR_CONSTRAINTS_it          ?	3_4_0	EXIST::FUNCTION:
 EVP_KEYMGMT_gen_gettable_params         ?	3_4_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_set_signature              ?	3_4_0	EXIST::FUNCTION:
+EVP_PKEY_sign_init_ex2                  ?	3_4_0	EXIST::FUNCTION:
+EVP_PKEY_sign_message_init              ?	3_4_0	EXIST::FUNCTION:
+EVP_PKEY_sign_message_update            ?	3_4_0	EXIST::FUNCTION:
+EVP_PKEY_sign_message_final             ?	3_4_0	EXIST::FUNCTION:
+EVP_PKEY_verify_init_ex2                ?	3_4_0	EXIST::FUNCTION:
+EVP_PKEY_verify_message_init            ?	3_4_0	EXIST::FUNCTION:
+EVP_PKEY_verify_message_update          ?	3_4_0	EXIST::FUNCTION:
+EVP_PKEY_verify_message_final           ?	3_4_0	EXIST::FUNCTION:
+EVP_PKEY_verify_recover_init_ex2        ?	3_4_0	EXIST::FUNCTION: