sync

lib/libcrypto/asn1/asn1_item.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_item.c,v 1.7 2023/06/13 23:31:53 tb Exp $ */
+/* $OpenBSD: asn1_item.c,v 1.14 2023/06/15 13:58:56 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -233,41 +233,49 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
 {
 	const EVP_MD *type;
 	EVP_PKEY *pkey;
-	unsigned char *buf_in = NULL, *buf_out = NULL;
-	size_t buf_out_len = 0;
-	int in_len = 0, out_len = 0;
+	unsigned char *in = NULL, *out = NULL;
+	size_t out_len = 0;
+	int in_len = 0;
 	int signid, paramtype;
 	int rv = 2;
 	int ret = 0;
 
-	type = EVP_MD_CTX_md(ctx);
-	pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
-
-	if (!type || !pkey) {
+	if ((pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx)) == NULL) {
 		ASN1error(ASN1_R_CONTEXT_NOT_INITIALISED);
 		return 0;
 	}
 
-	if (pkey->ameth->item_sign) {
+	if (pkey->ameth == NULL) {
+		ASN1error(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+		return 0;
+	}
+
+	if (pkey->ameth->item_sign != NULL) {
 		rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2,
 		    signature);
-		if (rv == 1)
+		if (rv == 1) {
 			out_len = signature->length;
+			goto done;
+		}
 		/* Return value meanings:
 		 * <=0: error.
 		 *   1: method does everything.
 		 *   2: carry on as normal.
 		 *   3: ASN1 method sets algorithm identifiers: just sign.
 		 */
-		if (rv <= 0)
+		if (rv <= 0) {
 			ASN1error(ERR_R_EVP_LIB);
-		if (rv <= 1)
 			goto err;
+		}
 	}
 
 	if (rv == 2) {
-		if (!pkey->ameth ||
-		    !OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type),
+		if ((type = EVP_MD_CTX_md(ctx)) == NULL) {
+			ASN1error(ASN1_R_CONTEXT_NOT_INITIALISED);
+			return 0;
+		}
+
+		if (!OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type),
 		    pkey->ameth->pkey_id)) {
 			ASN1error(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
 			return 0;
@@ -287,46 +295,43 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
 
 	}
 
-	if ((in_len = ASN1_item_i2d(asn, &buf_in, it)) <= 0) {
+	if ((in_len = ASN1_item_i2d(asn, &in, it)) <= 0) {
 		in_len = 0;
 		goto err;
 	}
 
-	if ((out_len = EVP_PKEY_size(pkey)) <= 0) {
-		out_len = 0;
+	if (!EVP_DigestSign(ctx, NULL, &out_len, in, in_len)) {
+		ASN1error(ERR_R_EVP_LIB);
 		goto err;
 	}
-
-	if ((buf_out = malloc(out_len)) == NULL) {
+	if ((out = calloc(1, out_len)) == NULL) {
 		ASN1error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
-
-	buf_out_len = out_len;
-	if (!EVP_DigestSignUpdate(ctx, buf_in, in_len) ||
-	    !EVP_DigestSignFinal(ctx, buf_out, &buf_out_len)) {
+	if (!EVP_DigestSign(ctx, out, &out_len, in, in_len)) {
 		ASN1error(ERR_R_EVP_LIB);
 		goto err;
 	}
 
-	if (buf_out_len > INT_MAX) {
+	if (out_len > INT_MAX) {
 		ASN1error(ASN1_R_TOO_LONG);
 		goto err;
 	}
 
-	ASN1_STRING_set0(signature, buf_out, (int)buf_out_len);
-	buf_out = NULL;
+	ASN1_STRING_set0(signature, out, out_len);
+	out = NULL;
 
 	if (!asn1_abs_set_unused_bits(signature, 0)) {
 		ASN1error(ERR_R_ASN1_LIB);
 		goto err;
 	}
 
-	ret = (int)buf_out_len;
+ done:
+	ret = out_len;
  err:
 	EVP_MD_CTX_cleanup(ctx);
-	freezero(buf_in, in_len);
-	freezero(buf_out, out_len);
+	freezero(in, in_len);
+	freezero(out, out_len);
 
 	return ret;
 }
@@ -336,18 +341,17 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
     ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
 {
 	EVP_MD_CTX ctx;
-	unsigned char *buf_in = NULL;
-	int ret = -1, inl;
-
+	unsigned char *in = NULL;
 	int mdnid, pknid;
+	int in_len = 0;
+	int ret = -1;
 
-	if (!pkey) {
+	if (pkey == NULL) {
 		ASN1error(ERR_R_PASSED_NULL_PARAMETER);
 		return -1;
 	}
 
-	if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
-	{
+	if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
 		ASN1error(ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
 		return -1;
 	}
@@ -395,35 +399,26 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
 
 	}
 
-	inl = ASN1_item_i2d(asn, &buf_in, it);
-
-	if (buf_in == NULL) {
+	if ((in_len = ASN1_item_i2d(asn, &in, it)) <= 0) {
 		ASN1error(ERR_R_MALLOC_FAILURE);
+		in_len = 0;
 		goto err;
 	}
 
-	if (!EVP_DigestVerifyUpdate(&ctx, buf_in, inl)) {
+	if (EVP_DigestVerify(&ctx, signature->data, signature->length,
+	    in, in_len) <= 0) {
 		ASN1error(ERR_R_EVP_LIB);
 		ret = 0;
 		goto err;
 	}
 
-	freezero(buf_in, (unsigned int)inl);
-
-	if (EVP_DigestVerifyFinal(&ctx, signature->data,
-	    (size_t)signature->length) <= 0) {
-		ASN1error(ERR_R_EVP_LIB);
-		ret = 0;
-		goto err;
-	}
-	/* we don't need to zero the 'ctx' because we just checked
-	 * public information */
-	/* memset(&ctx,0,sizeof(ctx)); */
 	ret = 1;
 
  err:
 	EVP_MD_CTX_cleanup(&ctx);
-	return (ret);
+	freezero(in, in_len);
+
+	return ret;
 }
 
 #define HEADER_SIZE   8

lib/libcrypto/objects/obj_xref.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: obj_xref.h,v 1.5 2021/05/12 10:24:39 inoguchi Exp $ */
+/* $OpenBSD: obj_xref.h,v 1.6 2023/06/15 16:59:54 tb Exp $ */
 /* AUTOGENERATED BY objxref.pl, DO NOT EDIT */
 
 __BEGIN_HIDDEN_DECLS
@@ -44,6 +44,7 @@ static const nid_triple sigoid_srt[] =
 	{NID_rsassaPss, NID_undef, NID_rsaEncryption},
 	{NID_id_tc26_signwithdigest_gost3410_2012_256, NID_id_tc26_gost3411_2012_256, NID_id_GostR3410_2001},
 	{NID_id_tc26_signwithdigest_gost3410_2012_512, NID_id_tc26_gost3411_2012_512, NID_id_GostR3410_2001},
+	{NID_Ed25519, NID_undef, NID_Ed25519},
 	{NID_dhSinglePass_stdDH_sha1kdf_scheme, NID_sha1, NID_dh_std_kdf},
 	{NID_dhSinglePass_stdDH_sha224kdf_scheme, NID_sha224, NID_dh_std_kdf},
 	{NID_dhSinglePass_stdDH_sha256kdf_scheme, NID_sha256, NID_dh_std_kdf},
@@ -59,8 +60,9 @@ static const nid_triple sigoid_srt[] =
 static const nid_triple * const sigoid_srt_xref[] =
 	{
 	&sigoid_srt[29],
-	&sigoid_srt[17],
 	&sigoid_srt[18],
+	&sigoid_srt[17],
+	&sigoid_srt[32],
 	&sigoid_srt[0],
 	&sigoid_srt[1],
 	&sigoid_srt[7],
@@ -71,29 +73,29 @@ static const nid_triple * const sigoid_srt_xref[] =
 	&sigoid_srt[5],
 	&sigoid_srt[8],
 	&sigoid_srt[12],
-	&sigoid_srt[32],
-	&sigoid_srt[37],
+	&sigoid_srt[33],
+	&sigoid_srt[38],
 	&sigoid_srt[6],
 	&sigoid_srt[10],
 	&sigoid_srt[11],
 	&sigoid_srt[13],
 	&sigoid_srt[24],
 	&sigoid_srt[20],
-	&sigoid_srt[34],
-	&sigoid_srt[39],
-	&sigoid_srt[14],
-	&sigoid_srt[21],
 	&sigoid_srt[35],
 	&sigoid_srt[40],
-	&sigoid_srt[15],
-	&sigoid_srt[22],
+	&sigoid_srt[14],
+	&sigoid_srt[21],
 	&sigoid_srt[36],
 	&sigoid_srt[41],
+	&sigoid_srt[15],
+	&sigoid_srt[22],
+	&sigoid_srt[37],
+	&sigoid_srt[42],
 	&sigoid_srt[16],
 	&sigoid_srt[23],
 	&sigoid_srt[19],
-	&sigoid_srt[33],
-	&sigoid_srt[38],
+	&sigoid_srt[34],
+	&sigoid_srt[39],
 	&sigoid_srt[25],
 	&sigoid_srt[26],
 	&sigoid_srt[27],

lib/libcrypto/objects/obj_xref.txt

@@ -1,6 +1,8 @@
 # OID cross reference table.
 # Links signatures OIDs to their corresponding public key algorithms
-# and digests.
+# and digests. The digest "undef" indicates the public key's ASN.1
+# method should handle AlgorithmIdentifiers and (at least part of) the
+# message digest explicitly.
 
 md2WithRSAEncryption	md2	rsaEncryption
 md5WithRSAEncryption	md5	rsaEncryption
@@ -14,10 +16,11 @@ sha224WithRSAEncryption	sha224	rsaEncryption
 mdc2WithRSA		mdc2	rsaEncryption
 ripemd160WithRSA	ripemd160 rsaEncryption
 # For PSS the digest algorithm can vary and depends on the included
-# AlgorithmIdentifier. The digest "undef" indicates the public key
-# method should handle this explicitly.
+# AlgorithmIdentifier.
 rsassaPss		undef	rsaEncryption
 
+Ed25519			undef	Ed25519
+
 # Alternative deprecated OIDs. By using the older "rsa" OID this
 # type will be recognized by not normally used.