From 983a0b482a9b3a3ee93ebfb3e0fb846b0f123325 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Tue, 17 Oct 2023 06:28:54 +0200 Subject: [PATCH] fixup! CMS and PKCS7: add support for EdDSA with Edwards curves 25519 and 448, simplifying code --- crypto/cms/cms_sd.c | 69 +++++++---------------------------------- crypto/pkcs7/pk7_doit.c | 2 +- 2 files changed, 12 insertions(+), 59 deletions(-) diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 0b603d0c7803e5..781237a66d28e6 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -817,19 +817,9 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) { EVP_MD_CTX *mctx = si->mctx; EVP_PKEY_CTX *pctx = NULL; - unsigned char *abuf = NULL; - int alen; - size_t siglen; OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(si->cms_ctx); const char *propq = ossl_cms_ctx_get0_propq(si->cms_ctx); - char md_name[OSSL_MAX_NAME_SIZE]; - char name[80]; - int pknid = EVP_PKEY_get_id(si->pkey); - - if (pknid != NID_ED25519 && pknid != NID_ED448 - && OBJ_obj2txt(md_name, sizeof(md_name), - si->digestAlgorithm->algorithm, 0) <= 0) - return 0; + char name[OSSL_MAX_NAME_SIZE], *md_name = name; if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) { if (!cms_add1_signingTime(si, NULL)) 
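Review bot: The combined declaration `char name[OSSL_MAX_NAME_SIZE], *md_name = name;` makes one buffer serve two purposes without saying so. In the following hunk `name` first receives the key's default digest name and is then overwritten with the text form of the digest OID, while `md_name` either aliases it or is set to NULL. I would split the declarators and document the alias: `char name[OSSL_MAX_NAME_SIZE];` followed by `const char *md_name = name; /* NULL when the key type takes no separate digest name */`. The body of CMS_SignerInfo_sign() continues outside this hunk.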
@@ -841,61 +831,24 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) if (EVP_PKEY_get_default_digest_name(si->pkey, name, sizeof(name)) > 0 && strcmp(name, "UNDEF") == 0) /* at least for Ed25519, Ed448 */ - return ASN1_item_sign_ex(ASN1_ITEM_rptr(CMS_Attributes_Sign), NULL, - NULL, si->signature /* sets the ASN1_BIT_STRING */, - si->signedAttrs, NULL, si->pkey, - EVP_get_digestbyobj(si->digestAlgorithm->algorithm), - libctx, propq); + md_name = NULL; + else if (OBJ_obj2txt(name, sizeof(name), si->digestAlgorithm->algorithm, 0) + <= 0) + return 0; - /* - * TODO replace all below code by ASN1_item_sign_ex(), - * but need to make sure that it works also for RSA with padding mode PSS - */ - if (si->pctx) { + if (si->pctx != NULL) { pctx = si->pctx; } else { EVP_MD_CTX_reset(mctx); - if (EVP_DigestSignInit_ex(mctx, &pctx, - pknid == NID_ED25519 || pknid == NID_ED448 - ? NULL : md_name, + if (EVP_DigestSignInit_ex(mctx, &pctx, md_name, libctx, propq, si->pkey, NULL) <= 0) - goto err; + return 0; si->pctx = pctx; } - alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf, - ASN1_ITEM_rptr(CMS_Attributes_Sign)); - if (!abuf) - goto err; - if (pknid == NID_ED25519 || pknid == NID_ED448) { - if (EVP_DigestSign(mctx, NULL, &siglen, abuf, alen) != 1) - goto err; - } else { - if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0) - goto err; - if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0) - goto err; - } - OPENSSL_free(abuf); - abuf = OPENSSL_malloc(siglen); - if (abuf == NULL) - goto err; - if ((pknid == NID_ED25519 || pknid == NID_ED448 - ? EVP_DigestSign(mctx, abuf, &siglen, abuf, alen) - : EVP_DigestSignFinal(mctx, abuf, &siglen)) - <= 0) - goto err; - - EVP_MD_CTX_reset(mctx); - - ASN1_STRING_set0(si->signature, abuf, siglen); - - return 1; + return ASN1_item_sign_ctx(ASN1_ITEM_rptr(CMS_Attributes_Sign), NULL, + NULL, si->signature, si->signedAttrs, mctx); - err: - OPENSSL_free(abuf); - EVP_MD_CTX_reset(mctx); - return 0; } int CMS_SignerInfo_verify(CMS_SignerInfo *si) 
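Review bot: The new tail `return ASN1_item_sign_ctx(...)` changes what CMS_SignerInfo_sign() returns on success. The removed code returned 1, whereas ASN1_item_sign_ctx() is documented to return the signature length, so a caller comparing the result with 1 would treat a successful signing as a failure. Normalising keeps the contract: `return ASN1_item_sign_ctx(ASN1_ITEM_rptr(CMS_Attributes_Sign), NULL, NULL, si->signature, si->signedAttrs, mctx) > 0;`. The removed code also called `EVP_MD_CTX_reset(mctx)` on both the success and the error path, while the new `return 0` after EVP_DigestSignInit_ex() and the final return leave the context untouched; whether ASN1_item_sign_ctx() resets it is not visible here, so that should be confirmed or the reset restored. The removed TODO asked whether this path also works for RSA with PSS padding, and nothing in the hunk shows that this was checked.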
@@ -906,7 +859,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si) int pknid; const EVP_MD *md = NULL; EVP_MD *fetched_md = NULL; - char md_name[80]; + char md_name[OSSL_MAX_NAME_SIZE]; OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(si->cms_ctx); const char *propq = ossl_cms_ctx_get0_propq(si->cms_ctx); diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 4bcf5e4d3836f8..91e2c4fb5f2c4d 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -974,7 +974,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mdc_tmp, *mdc; const EVP_MD *md; EVP_MD *fetched_md = NULL; - char md_name[80]; + char md_name[OSSL_MAX_NAME_SIZE]; int ret = 0, i; int md_type; STACK_OF(X509_ATTRIBUTE) *sk = si->auth_attr;