Diffstat (limited to 'src/lib/libcrypto/ec/ecx_methods.c')
-rw-r--r--src/lib/libcrypto/ec/ecx_methods.c63
1 files changed, 62 insertions, 1 deletions
diff --git a/src/lib/libcrypto/ec/ecx_methods.c b/src/lib/libcrypto/ec/ecx_methods.c
index cd512a447f..ab299a8d6b 100644
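--- a/src/lib/libcrypto/ec/ecx_methods.c
+++ b/src/lib/libcrypto/ec/ecx_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecx_methods.c,v 1.11 2024/01/04 17:01:26 tb Exp $ */
+/* $OpenBSD: ecx_methods.c,v 1.12 2024/03/29 06:41:58 tb Exp $ */
 /*
  * Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
  *
@@ -17,6 +17,7 @@
 
 #include <string.h>
 
+#include <openssl/cms.h>
 #include <openssl/curve25519.h>
 #include <openssl/ec.h>
 #include <openssl/err.h>
@@ -530,10 +531,67 @@ ecx_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
  return -2;
 }
 
+#ifndef OPENSSL_NO_CMS
+static int
+ecx_cms_sign_or_verify(EVP_PKEY *pkey, long verify, CMS_SignerInfo *si)
+{
+ X509_ALGOR *digestAlgorithm, *signatureAlgorithm;
+ ASN1_OBJECT *aobj;
+
+ if (verify != 0 && verify != 1)
+ return -1;
+
+ /* Check that we have an Ed25519 public key. */
+ if (EVP_PKEY_id(pkey) != NID_ED25519)
+ return -1;
+
+ CMS_SignerInfo_get0_algs(si, NULL, NULL, &digestAlgorithm,
+ &signatureAlgorithm);
+
+ /* RFC 8419, section 2.3: digestAlgorithm MUST be SHA-512. */
+ if (digestAlgorithm == NULL)
+ return -1;
+ if (OBJ_obj2nid(digestAlgorithm->algorithm) != NID_sha512)
+ return -1;
+
+ /*
+ * RFC 8419, section 2.4: signatureAlgorithm MUST be Ed25519, and the
+ * parameters MUST be absent. For verification check that this is the
+ * case, for signing set the signatureAlgorithm accordingly.
+ */
+ if (verify) {
+ const ASN1_OBJECT *obj;
+ int param_type;
+
+ if (signatureAlgorithm == NULL)
+ return -1;
+
+ X509_ALGOR_get0(&obj, &param_type, NULL, signatureAlgorithm);
+ if (OBJ_obj2nid(obj) != NID_ED25519)
+ return -1;
+ if (param_type != V_ASN1_UNDEF)
+ return -1;
+
+ return 1;
+ }
+
+ if ((aobj = OBJ_nid2obj(NID_ED25519)) == NULL)
+ return -1;
+ if (!X509_ALGOR_set0(signatureAlgorithm, aobj, V_ASN1_UNDEF, NULL))
+ return -1;
+
+ return 1;
+}
+#endif
+
 static int
 ecx_sign_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 {
  switch (op) {
+#ifndef OPENSSL_NO_CMS
+ case ASN1_PKEY_CTRL_CMS_SIGN:
+ return ecx_cms_sign_or_verify(pkey, arg1, arg2);
+#endif
  case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
  /* PureEdDSA does its own hashing. */
  *(int *)arg2 = NID_undef;
@@ -806,6 +864,9 @@ pkey_ecx_ed_ctrl(EVP_PKEY_CTX *pkey_ctx, int op, int arg1, void *arg2)
  }
  return 1;
 
+#ifndef OPENSSL_NO_CMS
+ case EVP_PKEY_CTRL_CMS_SIGN:
+#endif
  case EVP_PKEY_CTRL_DIGESTINIT:
  return 1;
  }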
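Review bot: In ecx_cms_sign_or_verify (new lines 534-585) the verify branch rejects a signatureAlgorithm that carries parameters, but digestAlgorithm is matched on its OID alone, so a SignerInfo whose SHA-512 identifier carries unexpected parameters still passes this check. If RFC 8419 also requires those parameters to be absent, the same `X509_ALGOR_get0()` and `param_type != V_ASN1_UNDEF` test should be applied to digestAlgorithm. If they are tolerated on purpose for interoperability, record that with a comment such as `/* digestAlgorithm parameters are intentionally not checked. */`. The signing branch also hands signatureAlgorithm to `X509_ALGOR_set0()` without the NULL test the verify branch performs, which is only safe if that function rejects a NULL alg (not visible here); mirroring the guard with `if (signatureAlgorithm == NULL) return -1;` would make the two branches consistent.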