From d4880454de9f6ecccb937f10295303988845d4f7 Mon Sep 17 00:00:00 2001
From: David von Oheimb
Date: Wed, 14 Aug 2024 14:17:28 +0200
Subject: [PATCH] fixup! APPS/pkeyutl: improve -rawin usability (implied by Ed25519 and Ed448) and doc
---
 apps/pkeyutl.c | 12 ++++++++++--
 doc/man1/openssl-pkeyutl.pod.in | 5 ++++-
 2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index d602b0538266df..5ecf086c94c445 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -306,8 +306,16 @@ int pkeyutl_main(int argc, char **argv)
 pkey = get_pkey(kdfalg, inkey, keyform, key_type, passinarg, pkey_op, e);
 if (pkey_op == EVP_PKEY_OP_SIGN || pkey_op == EVP_PKEY_OP_VERIFY) {
- if (only_rawin(pkey))
- rawin = 1; /* implied for Ed25519 and Ed448 */
+ if (only_rawin(pkey)) {
+ if ((EVP_PKEY_is_a(pkey, "ED25519") || EVP_PKEY_is_a(pkey, "ED448"))
+ && digestname != NULL) {
+ BIO_printf(bio_err,
+ "%s: -digest (prehash) is not supported with EdDSA\n", prog);
+ EVP_PKEY_free(pkey);
+ goto end;
+ }
+ rawin = 1; /* implied for Ed25519(ph) and Ed448(ph) and maybe others in the future */
+ }
 } else if (rawin) {
 BIO_printf(bio_err, "%s: -rawin can only be used with -sign or -verify\n", prog);
diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in
index d066a3824e70f5..d898352bac633b 100644
--- a/doc/man1/openssl-pkeyutl.pod.in
+++ b/doc/man1/openssl-pkeyutl.pod.in
@@ -65,9 +65,10 @@ if this option is not specified.
 This indicates that signature input data is raw data, which for most signature algorithms (but not EdDSA) needs to be hashed by some message digest algorithm.
-The user can specify a digest algorithm by using the B<-digest> option.
 This option can only be used with B<-sign> and B<-verify> and is implied by the Ed25519 and Ed448 algorithms.
+Except with EdDSA,
+the user can specify a digest algorithm by using the B<-digest> option.
 =item B<-digest> I
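Review bot: In the new `-digest` rejection branch of the apps/pkeyutl.c hunk, `EVP_PKEY_free(pkey);` is followed by `goto end;` without clearing the pointer, so if the cleanup at `end:` (outside this hunk) also releases `pkey`, the key is freed twice on this error path. Either drop the explicit free and let `end:` own the release, or write `EVP_PKEY_free(pkey); pkey = NULL;` before the jump. The inner test also repeats the key-type list that `only_rawin()` presumably already encodes, so a raw-only algorithm added later may pass through with `-digest` accepted but not applied; testing only `digestname != NULL` inside the `only_rawin(pkey)` branch would reject it for all of them. The comment on `rawin = 1` names `Ed25519(ph)` and `Ed448(ph)` while the error message says prehash is not supported; `/* implied for Ed25519 and Ed448 (pure EdDSA; prehash variants not supported) */` would match the behaviour. `pkeyutl_main` starts and ends outside the hunk.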
@@ -78,6 +79,8 @@ is omitted but the signature algorithm requires one, a default value will be used. For signature algorithms like RSA, DSA and ECDSA, SHA-256 will be the default digest algorithm. For SM2, it will be SM3. If this option is present, then the B<-rawin> option must be also specified.
+So far, HashEdDSA (the ph or "prehash" variant of EdDSA) is not supported,
+so the B<-digest> option cannot be used with EdDSA).
 =item B<-out> I