diff options
| author | Richard Levitte <levitte@openssl.org> | 2024-02-02 08:20:06 +0100 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2024-08-29 19:13:06 +0200 |
| commit | 1751334f59816d675a1ea85e98434a8231a58efe (patch) | |
| tree | 5524b04bc50566db2a187d9542c812fe7464c5fd /crypto | |
| parent | Fix compile err when building VC-CLANG-WIN64-CLANGASM-ARM target (diff) | |
| download | openssl-1751334f59816d675a1ea85e98434a8231a58efe.tar.xz openssl-1751334f59816d675a1ea85e98434a8231a58efe.zip | |
Refactor OpenSSL 'EdDSA' EVP_SIGNATURE to allow use with EVP_PKEY functions
Add EVP_PKEY_{sign,verify}_message support for our Ed25519 and Ed448
implementations, including ph and ctx variants.
Tests are added with test_evp stanzas.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24975)
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/err/openssl.txt | 2 | ||||
| -rw-r--r-- | crypto/evp/signature.c | 21 |
2 files changed, 4 insertions, 19 deletions
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 007db19b76..2aea0d2186 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1084,6 +1084,7 @@ PROV_R_INVALID_MGF1_MD:167:invalid mgf1 md PROV_R_INVALID_MODE:125:invalid mode PROV_R_INVALID_OUTPUT_LENGTH:217:invalid output length PROV_R_INVALID_PADDING_MODE:168:invalid padding mode +PROV_R_INVALID_PREHASHED_DIGEST_LENGTH:241:invalid prehashed digest length PROV_R_INVALID_PUBINFO:198:invalid pubinfo PROV_R_INVALID_SALT_LENGTH:112:invalid salt length PROV_R_INVALID_SEED_LENGTH:154:invalid seed length @@ -1121,6 +1122,7 @@ PROV_R_NOT_INSTANTIATED:193:not instantiated PROV_R_NOT_PARAMETERS:226:not parameters PROV_R_NOT_SUPPORTED:136:not supported PROV_R_NOT_XOF_OR_INVALID_LENGTH:113:not xof or invalid length +PROV_R_NO_INSTANCE_ALLOWED:242:no instance allowed PROV_R_NO_KEY_SET:114:no key set PROV_R_NO_PARAMETERS_SET:177:no parameters set PROV_R_ONESHOT_CALL_OUT_OF_ORDER:239:oneshot call out of order diff --git a/crypto/evp/signature.c b/crypto/evp/signature.c index 33910e5bc3..7d619edfae 100644 --- a/crypto/evp/signature.c +++ b/crypto/evp/signature.c @@ -48,8 +48,6 @@ static void *evp_signature_from_algorithm(int name_id, int ctxfncnt = 0; /* Counts all init functions */ int initfncnt = 0; - /* Counts all performance functions (oneshot / update / final) */ - int fncnt = 0; /* Counts all parameter functions */ int gparamfncnt = 0, sparamfncnt = 0, gmdparamfncnt = 0, smdparamfncnt = 0; int valid = 0; @@ -82,7 +80,6 @@ static void *evp_signature_from_algorithm(int name_id, if (signature->sign != NULL) break; signature->sign = OSSL_FUNC_signature_sign(fns); - fncnt++; break; case OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_INIT: if (signature->sign_message_init != NULL) @@ -96,14 +93,12 @@ static void *evp_signature_from_algorithm(int name_id, break; signature->sign_message_update = OSSL_FUNC_signature_sign_message_update(fns); - fncnt++; break; case OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_FINAL: if (signature->sign_message_final != NULL) break; signature->sign_message_final = OSSL_FUNC_signature_sign_message_final(fns); - fncnt++; break; case OSSL_FUNC_SIGNATURE_VERIFY_INIT: if (signature->verify_init != NULL) @@ -115,7 +110,6 @@ static void *evp_signature_from_algorithm(int name_id, if (signature->verify != NULL) break; signature->verify = OSSL_FUNC_signature_verify(fns); - fncnt++; break; case OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_INIT: if (signature->verify_message_init != NULL) @@ -129,14 +123,12 @@ static void *evp_signature_from_algorithm(int name_id, break; signature->verify_message_update = OSSL_FUNC_signature_verify_message_update(fns); - fncnt++; break; case OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_FINAL: if (signature->verify_message_final != NULL) break; signature->verify_message_final = OSSL_FUNC_signature_verify_message_final(fns); - fncnt++; break; case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT: if (signature->verify_recover_init != NULL) @@ -150,7 +142,6 @@ static void *evp_signature_from_algorithm(int name_id, break; signature->verify_recover = OSSL_FUNC_signature_verify_recover(fns); - fncnt++; break; case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT: if (signature->digest_sign_init != NULL) @@ -164,21 +155,18 @@ static void *evp_signature_from_algorithm(int name_id, break; signature->digest_sign_update = OSSL_FUNC_signature_digest_sign_update(fns); - fncnt++; break; case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL: if (signature->digest_sign_final != NULL) break; signature->digest_sign_final = OSSL_FUNC_signature_digest_sign_final(fns); - fncnt++; break; case OSSL_FUNC_SIGNATURE_DIGEST_SIGN: if (signature->digest_sign != NULL) break; signature->digest_sign = OSSL_FUNC_signature_digest_sign(fns); - fncnt++; break; case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT: if (signature->digest_verify_init != NULL) @@ -192,21 +180,18 @@ static void *evp_signature_from_algorithm(int name_id, break; signature->digest_verify_update = OSSL_FUNC_signature_digest_verify_update(fns); - fncnt++; break; case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL: if (signature->digest_verify_final != NULL) break; signature->digest_verify_final = OSSL_FUNC_signature_digest_verify_final(fns); - fncnt++; break; case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY: if (signature->digest_verify != NULL) break; signature->digest_verify = OSSL_FUNC_signature_digest_verify(fns); - fncnt++; break; case OSSL_FUNC_SIGNATURE_FREECTX: if (signature->freectx != NULL) @@ -308,10 +293,8 @@ static void *evp_signature_from_algorithm(int name_id, * associated gettable, etc */ valid = 0; - if (valid && (initfncnt == 0 || fncnt < initfncnt)) - /* - * No init functions, or fewer execution functions than init functions - */ + if (valid && initfncnt == 0) + /* No init functions */ valid = 0; /* Now we check for function combinations */ |