fixup! CMS and PKCS7: add support for EdDSA with Edwards curves 25519…
… and 448, simplifying code
DDvO committed Oct 17, 2023
1 parent cccabbf commit c1feeaa
Showing 2 changed files with 12 additions and 59 deletions.
69 changes: 11 additions & 58 deletions crypto/cms/cms_sd.c
@@ -817,19 +817,9 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
{
EVP_MD_CTX *mctx = si->mctx;
EVP_PKEY_CTX *pctx = NULL;
unsigned char *abuf = NULL;
int alen;
size_t siglen;
OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(si->cms_ctx);
const char *propq = ossl_cms_ctx_get0_propq(si->cms_ctx);
char md_name[OSSL_MAX_NAME_SIZE];
char name[80];
int pknid = EVP_PKEY_get_id(si->pkey);

if (pknid != NID_ED25519 && pknid != NID_ED448
&& OBJ_obj2txt(md_name, sizeof(md_name),
si->digestAlgorithm->algorithm, 0) <= 0)
return 0;
char name[OSSL_MAX_NAME_SIZE], *md_name = name;

if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) {
if (!cms_add1_signingTime(si, NULL))
@@ -841,61 +831,24 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)

if (EVP_PKEY_get_default_digest_name(si->pkey, name, sizeof(name)) > 0
&& strcmp(name, "UNDEF") == 0) /* at least for Ed25519, Ed448 */
return ASN1_item_sign_ex(ASN1_ITEM_rptr(CMS_Attributes_Sign), NULL,
NULL, si->signature /* sets the ASN1_BIT_STRING */,
si->signedAttrs, NULL, si->pkey,
EVP_get_digestbyobj(si->digestAlgorithm->algorithm),
libctx, propq);
md_name = NULL;
else if (OBJ_obj2txt(name, sizeof(name), si->digestAlgorithm->algorithm, 0)
<= 0)
return 0;

/*
* TODO replace all below code by ASN1_item_sign_ex(),
* but need to make sure that it works also for RSA with padding mode PSS
*/
if (si->pctx) {
if (si->pctx != NULL) {
pctx = si->pctx;
} else {
EVP_MD_CTX_reset(mctx);
if (EVP_DigestSignInit_ex(mctx, &pctx,
pknid == NID_ED25519 || pknid == NID_ED448
? NULL : md_name,
if (EVP_DigestSignInit_ex(mctx, &pctx, md_name,
libctx, propq, si->pkey, NULL) <= 0)
goto err;
return 0;
si->pctx = pctx;
}

alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
ASN1_ITEM_rptr(CMS_Attributes_Sign));
if (!abuf)
goto err;
if (pknid == NID_ED25519 || pknid == NID_ED448) {
if (EVP_DigestSign(mctx, NULL, &siglen, abuf, alen) != 1)
goto err;
} else {
if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
goto err;
if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0)
goto err;
}
OPENSSL_free(abuf);
abuf = OPENSSL_malloc(siglen);
if (abuf == NULL)
goto err;
if ((pknid == NID_ED25519 || pknid == NID_ED448
? EVP_DigestSign(mctx, abuf, &siglen, abuf, alen)
: EVP_DigestSignFinal(mctx, abuf, &siglen))
<= 0)
goto err;

EVP_MD_CTX_reset(mctx);

ASN1_STRING_set0(si->signature, abuf, siglen);

return 1;
return ASN1_item_sign_ctx(ASN1_ITEM_rptr(CMS_Attributes_Sign), NULL,
NULL, si->signature, si->signedAttrs, mctx);

err:
OPENSSL_free(abuf);
EVP_MD_CTX_reset(mctx);
return 0;
}

int CMS_SignerInfo_verify(CMS_SignerInfo *si)
@@ -906,7 +859,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
int pknid;
const EVP_MD *md = NULL;
EVP_MD *fetched_md = NULL;
char md_name[80];
char md_name[OSSL_MAX_NAME_SIZE];
OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(si->cms_ctx);
const char *propq = ossl_cms_ctx_get0_propq(si->cms_ctx);

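Review bot: The return value of `CMS_SignerInfo_sign()` is no longer 0/1, because the old `return 1;` is replaced by returning `ASN1_item_sign_ctx()` directly. As documented, that function yields the signature length in bytes on success and 0 on failure, so any caller that compares the result with 1 would treat a good signature as an error. I would keep the old contract with `if (!ASN1_item_sign_ctx(ASN1_ITEM_rptr(CMS_Attributes_Sign), NULL, NULL, si->signature, si->signedAttrs, mctx)) return 0;` followed by `return 1;`. The removed code also ran `EVP_MD_CTX_reset(mctx)` on both the success and the `err:` exit, whereas the new code leaves `si->mctx` initialised after signing; whether later code relies on the reset cannot be seen here, so restore it or add a comment saying why it is no longer needed. The part of the function between the two hunks is not shown on this page.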
2 changes: 1 addition & 1 deletion crypto/pkcs7/pk7_doit.c
@@ -974,7 +974,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
EVP_MD_CTX *mdc_tmp, *mdc;
const EVP_MD *md;
EVP_MD *fetched_md = NULL;
char md_name[80];
char md_name[OSSL_MAX_NAME_SIZE];
int ret = 0, i;
int md_type;
STACK_OF(X509_ATTRIBUTE) *sk = si->auth_attr;
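Review bot: The capacity of `md_name` now depends on `OSSL_MAX_NAME_SIZE`, whose definition is not on this page, and in a verify function this buffer presumably receives the digest name derived from the message being checked, i.e. from untrusted input. The code that fills it lies outside this hunk, so confirm that it bounds the write with `sizeof(md_name)` and rejects a truncated name instead of using it to look up a digest; the same applies to `md_name` in the `CMS_SignerInfo_verify` hunk of crypto/cms/cms_sd.c. In `CMS_SignerInfo_sign` the visible test `OBJ_obj2txt(name, sizeof(name), ...) <= 0` would not catch truncation, since `OBJ_obj2txt()` is documented to return the total text length when the buffer is too small. A comment on the declaration such as `/* digest name from the signer info; OBJ_obj2txt() result must be < sizeof(md_name) */` would record the requirement.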
