Diffstat (limited to 'src/lib/libcrypto/ec/ecx_methods.c')
-rw-r--r-- | src/lib/libcrypto/ec/ecx_methods.c | 63 |
1 files changed, 62 insertions, 1 deletions
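diff --git a/src/lib/libcrypto/ec/ecx_methods.c b/src/lib/libcrypto/ec/ecx_methods.c
index cd512a447f..ab299a8d6b 100644
--- a/src/lib/libcrypto/ec/ecx_methods.c
+++ b/src/lib/libcrypto/ec/ecx_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecx_methods.c,v 1.11 2024/01/04 17:01:26 tb Exp $ */
+/* $OpenBSD: ecx_methods.c,v 1.12 2024/03/29 06:41:58 tb Exp $ */
 /*
 * Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
 *
@@ -17,6 +17,7 @@
 
 #include <string.h>
 
+#include <openssl/cms.h>
 #include <openssl/curve25519.h>
 #include <openssl/ec.h>
 #include <openssl/err.h>
@@ -530,10 +531,67 @@ ecx_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 return -2;
 }
 
+#ifndef OPENSSL_NO_CMS
+static int
+ecx_cms_sign_or_verify(EVP_PKEY *pkey, long verify, CMS_SignerInfo *si)
+{
+X509_ALGOR *digestAlgorithm, *signatureAlgorithm;
+ASN1_OBJECT *aobj;
+
+if (verify != 0 && verify != 1)
+return -1;
+
+/* Check that we have an Ed25519 public key. */
+if (EVP_PKEY_id(pkey) != NID_ED25519)
+return -1;
+
+CMS_SignerInfo_get0_algs(si, NULL, NULL, &digestAlgorithm,
+&signatureAlgorithm);
+
+/* RFC 8419, section 2.3: digestAlgorithm MUST be SHA-512. */
+if (digestAlgorithm == NULL)
+return -1;
+if (OBJ_obj2nid(digestAlgorithm->algorithm) != NID_sha512)
+return -1;
+
+/*
+* RFC 8419, section 2.4: signatureAlgorithm MUST be Ed25519, and the
+* parameters MUST be absent. For verification check that this is the
+* case, for signing set the signatureAlgorithm accordingly.
+*/
+if (verify) {
+const ASN1_OBJECT *obj;
+int param_type;
+
+if (signatureAlgorithm == NULL)
+return -1;
+
+X509_ALGOR_get0(&obj, ¶m_type, NULL, signatureAlgorithm);
+if (OBJ_obj2nid(obj) != NID_ED25519)
+return -1;
+if (param_type != V_ASN1_UNDEF)
+return -1;
+
+return 1;
+}
+
+if ((aobj = OBJ_nid2obj(NID_ED25519)) == NULL)
+return -1;
+if (!X509_ALGOR_set0(signatureAlgorithm, aobj, V_ASN1_UNDEF, NULL))
+return -1;
+
+return 1;
+}
+#endif
+
 static int
 ecx_sign_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 {
 switch (op) {
+#ifndef OPENSSL_NO_CMS
+case ASN1_PKEY_CTRL_CMS_SIGN:
+return ecx_cms_sign_or_verify(pkey, arg1, arg2);
+#endif
 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
 /* PureEdDSA does its own hashing. */
 *(int *)arg2 = NID_undef;
@@ -806,6 +864,9 @@ pkey_ecx_ed_ctrl(EVP_PKEY_CTX *pkey_ctx, int op, int arg1, void *arg2)
 }
 return 1;
 
+#ifndef OPENSSL_NO_CMS
+case EVP_PKEY_CTRL_CMS_SIGN:
+#endif
 case EVP_PKEY_CTRL_DIGESTINIT:
 return 1;
 }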
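Review bot: In `ecx_cms_sign_or_verify`, the digestAlgorithm check compares only the OID against `NID_sha512` and never inspects the parameters, whereas the signatureAlgorithm check on the verify path also rejects anything but `V_ASN1_UNDEF`. If accepting any parameter encoding on the digest is deliberate (presumably so that encoders which emit NULL parameters still verify), a comment next to the check would stop a later reader from taking it for an oversight, for example `/* Only the digest OID is checked; its parameters are accepted as encoded. */`. Every failure path also returns a bare `-1` without pushing an error, so nothing visible here lets a caller tell a wrong key type from a rejected digest or signature algorithm. A short function comment stating the return convention (1 on success, -1 on any failed check) and that `verify` must be 0 or 1 would document that contract.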