diff options
| author | tb <> | 2023-06-15 13:32:18 +0000 |
|---|---|---|
| committer | tb <> | 2023-06-15 13:32:18 +0000 |
| commit | be4d851ec5fb784684c4cb3bc82f3f4079381ebf (patch) | |
| tree | 536424d734f812d7b3cb0004d5d99074f79de299 | |
| parent | f879fab0d7547def5a088597efd4d4c4e3551c13 (diff) | |
| download | openbsd-be4d851ec5fb784684c4cb3bc82f3f4079381ebf.tar.gz openbsd-be4d851ec5fb784684c4cb3bc82f3f4079381ebf.tar.bz2 openbsd-be4d851ec5fb784684c4cb3bc82f3f4079381ebf.zip | |
Switch ASN1_item_sign_ctx() to EVP_DigestSign()
This makes this function work with Ed25519 and cleans up a handful of
ugly contortions: use EVP_DigestSign() to determine the signature length
instead of using the strange EVP_PKEY_size() and garbage collect the now
useless out_len. Also use calloc().
ok jsing
| -rw-r--r-- | src/lib/libcrypto/asn1/asn1_item.c | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/src/lib/libcrypto/asn1/asn1_item.c b/src/lib/libcrypto/asn1/asn1_item.c index 6efe7314e7..b441ca8f33 100644 --- a/src/lib/libcrypto/asn1/asn1_item.c +++ b/src/lib/libcrypto/asn1/asn1_item.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: asn1_item.c,v 1.10 2023/06/15 13:22:25 tb Exp $ */ | 1 | /* $OpenBSD: asn1_item.c,v 1.11 2023/06/15 13:32:18 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -235,7 +235,7 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, | |||
| 235 | EVP_PKEY *pkey; | 235 | EVP_PKEY *pkey; |
| 236 | unsigned char *buf_in = NULL, *buf_out = NULL; | 236 | unsigned char *buf_in = NULL, *buf_out = NULL; |
| 237 | size_t buf_out_len = 0; | 237 | size_t buf_out_len = 0; |
| 238 | int in_len = 0, out_len = 0; | 238 | int in_len = 0; |
| 239 | int signid, paramtype; | 239 | int signid, paramtype; |
| 240 | int rv = 2; | 240 | int rv = 2; |
| 241 | int ret = 0; | 241 | int ret = 0; |
| @@ -300,19 +300,17 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, | |||
| 300 | goto err; | 300 | goto err; |
| 301 | } | 301 | } |
| 302 | 302 | ||
| 303 | if ((out_len = EVP_PKEY_size(pkey)) <= 0) { | 303 | if (!EVP_DigestSign(ctx, NULL, &buf_out_len, buf_in, in_len)) { |
| 304 | out_len = 0; | 304 | ASN1error(ERR_R_EVP_LIB); |
| 305 | goto err; | 305 | goto err; |
| 306 | } | 306 | } |
| 307 | 307 | ||
| 308 | if ((buf_out = malloc(out_len)) == NULL) { | 308 | if ((buf_out = calloc(1, buf_out_len)) == NULL) { |
| 309 | ASN1error(ERR_R_MALLOC_FAILURE); | 309 | ASN1error(ERR_R_MALLOC_FAILURE); |
| 310 | goto err; | 310 | goto err; |
| 311 | } | 311 | } |
| 312 | 312 | ||
| 313 | buf_out_len = out_len; | 313 | if (!EVP_DigestSign(ctx, buf_out, &buf_out_len, buf_in, in_len)) { |
| 314 | if (!EVP_DigestSignUpdate(ctx, buf_in, in_len) || | ||
| 315 | !EVP_DigestSignFinal(ctx, buf_out, &buf_out_len)) { | ||
| 316 | ASN1error(ERR_R_EVP_LIB); | 314 | ASN1error(ERR_R_EVP_LIB); |
| 317 | goto err; | 315 | goto err; |
| 318 | } | 316 | } |
| @@ -335,7 +333,7 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, | |||
| 335 | err: | 333 | err: |
| 336 | EVP_MD_CTX_cleanup(ctx); | 334 | EVP_MD_CTX_cleanup(ctx); |
| 337 | freezero(buf_in, in_len); | 335 | freezero(buf_in, in_len); |
| 338 | freezero(buf_out, out_len); | 336 | freezero(buf_out, buf_out_len); |
| 339 | 337 | ||
| 340 | return ret; | 338 | return ret; |
| 341 | } | 339 | } |