提交 07824f30 编写于 作者: M Matt Caswell

Revert "Support EVP_PKEY_sign() and EVP_PKEY_verify() for EdDSA"

This reverts commit a6f5b116.

The EVP_PKEY_sign() function is intended for pre-hashed input which is
not supported by our EdDSA implementation.

See the discussion in PR 5880
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6284)
上级 b14e6015
......@@ -250,8 +250,6 @@ static const ERR_STRING_DATA EC_str_functs[] = {
"pkey_ecd_digestsign25519"},
{ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN448, 0),
"pkey_ecd_digestsign448"},
{ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_SIGN25519, 0), "pkey_ecd_sign25519"},
{ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_SIGN448, 0), "pkey_ecd_sign448"},
{ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECX_DERIVE, 0), "pkey_ecx_derive"},
{ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_CTRL, 0), "pkey_ec_ctrl"},
{ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_CTRL_STR, 0), "pkey_ec_ctrl_str"},
......
......@@ -675,18 +675,18 @@ const EVP_PKEY_METHOD ecx448_pkey_meth = {
0
};
static int pkey_ecd_sign25519(EVP_PKEY_CTX *ctx, unsigned char *sig,
size_t *siglen, const unsigned char *tbs,
size_t tbslen)
static int pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, unsigned char *sig,
size_t *siglen, const unsigned char *tbs,
size_t tbslen)
{
const ECX_KEY *edkey = ctx->pkey->pkey.ecx;
const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
if (sig == NULL) {
*siglen = ED25519_SIGSIZE;
return 1;
}
if (*siglen < ED25519_SIGSIZE) {
ECerr(EC_F_PKEY_ECD_SIGN25519, EC_R_BUFFER_TOO_SMALL);
ECerr(EC_F_PKEY_ECD_DIGESTSIGN25519, EC_R_BUFFER_TOO_SMALL);
return 0;
}
......@@ -696,26 +696,18 @@ static int pkey_ecd_sign25519(EVP_PKEY_CTX *ctx, unsigned char *sig,
return 1;
}
static int pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, unsigned char *sig,
size_t *siglen, const unsigned char *tbs,
size_t tbslen)
{
return pkey_ecd_sign25519(EVP_MD_CTX_pkey_ctx(ctx), sig, siglen, tbs,
tbslen);
}
static int pkey_ecd_sign448(EVP_PKEY_CTX *ctx, unsigned char *sig,
size_t *siglen, const unsigned char *tbs,
size_t tbslen)
static int pkey_ecd_digestsign448(EVP_MD_CTX *ctx, unsigned char *sig,
size_t *siglen, const unsigned char *tbs,
size_t tbslen)
{
const ECX_KEY *edkey = ctx->pkey->pkey.ecx;
const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
if (sig == NULL) {
*siglen = ED448_SIGSIZE;
return 1;
}
if (*siglen < ED448_SIGSIZE) {
ECerr(EC_F_PKEY_ECD_SIGN448, EC_R_BUFFER_TOO_SMALL);
ECerr(EC_F_PKEY_ECD_DIGESTSIGN448, EC_R_BUFFER_TOO_SMALL);
return 0;
}
......@@ -726,18 +718,11 @@ static int pkey_ecd_sign448(EVP_PKEY_CTX *ctx, unsigned char *sig,
return 1;
}
static int pkey_ecd_digestsign448(EVP_MD_CTX *ctx, unsigned char *sig,
size_t *siglen, const unsigned char *tbs,
size_t tbslen)
{
return pkey_ecd_sign448(EVP_MD_CTX_pkey_ctx(ctx), sig, siglen, tbs, tbslen);
}
static int pkey_ecd_verify25519(EVP_PKEY_CTX *ctx, const unsigned char *sig,
size_t siglen, const unsigned char *tbs,
size_t tbslen)
static int pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, const unsigned char *sig,
size_t siglen, const unsigned char *tbs,
size_t tbslen)
{
const ECX_KEY *edkey = ctx->pkey->pkey.ecx;
const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
if (siglen != ED25519_SIGSIZE)
return 0;
......@@ -745,19 +730,11 @@ static int pkey_ecd_verify25519(EVP_PKEY_CTX *ctx, const unsigned char *sig,
return ED25519_verify(tbs, tbslen, sig, edkey->pubkey);
}
static int pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, const unsigned char *sig,
size_t siglen, const unsigned char *tbs,
size_t tbslen)
{
return pkey_ecd_verify25519(EVP_MD_CTX_pkey_ctx(ctx), sig, siglen, tbs,
tbslen);
}
static int pkey_ecd_verify448(EVP_PKEY_CTX *ctx, const unsigned char *sig,
size_t siglen, const unsigned char *tbs,
size_t tbslen)
static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig,
size_t siglen, const unsigned char *tbs,
size_t tbslen)
{
const ECX_KEY *edkey = ctx->pkey->pkey.ecx;
const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
if (siglen != ED448_SIGSIZE)
return 0;
......@@ -765,14 +742,6 @@ static int pkey_ecd_verify448(EVP_PKEY_CTX *ctx, const unsigned char *sig,
return ED448_verify(tbs, tbslen, sig, edkey->pubkey, NULL, 0);
}
static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig,
size_t siglen, const unsigned char *tbs,
size_t tbslen)
{
return pkey_ecd_verify448(EVP_MD_CTX_pkey_ctx(ctx), sig, siglen, tbs,
tbslen);
}
static int pkey_ecd_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
{
switch (type) {
......@@ -793,11 +762,7 @@ const EVP_PKEY_METHOD ed25519_pkey_meth = {
EVP_PKEY_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM,
0, 0, 0, 0, 0, 0,
pkey_ecx_keygen,
0,
pkey_ecd_sign25519,
0,
pkey_ecd_verify25519,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
pkey_ecd_ctrl,
0,
pkey_ecd_digestsign25519,
......@@ -808,11 +773,7 @@ const EVP_PKEY_METHOD ed448_pkey_meth = {
EVP_PKEY_ED448, EVP_PKEY_FLAG_SIGCTX_CUSTOM,
0, 0, 0, 0, 0, 0,
pkey_ecx_keygen,
0,
pkey_ecd_sign448,
0,
pkey_ecd_verify448,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
pkey_ecd_ctrl,
0,
pkey_ecd_digestsign448,
......
......@@ -647,8 +647,6 @@ EC_F_PKEY_ECD_CTRL:271:pkey_ecd_ctrl
EC_F_PKEY_ECD_DIGESTSIGN:272:pkey_ecd_digestsign
EC_F_PKEY_ECD_DIGESTSIGN25519:276:pkey_ecd_digestsign25519
EC_F_PKEY_ECD_DIGESTSIGN448:277:pkey_ecd_digestsign448
EC_F_PKEY_ECD_SIGN25519:284:pkey_ecd_sign25519
EC_F_PKEY_ECD_SIGN448:285:pkey_ecd_sign448
EC_F_PKEY_ECX_DERIVE:269:pkey_ecx_derive
EC_F_PKEY_EC_CTRL:197:pkey_ec_ctrl
EC_F_PKEY_EC_CTRL_STR:198:pkey_ec_ctrl_str
......
......@@ -173,8 +173,6 @@ int ERR_load_EC_strings(void);
# define EC_F_PKEY_ECD_DIGESTSIGN 272
# define EC_F_PKEY_ECD_DIGESTSIGN25519 276
# define EC_F_PKEY_ECD_DIGESTSIGN448 277
# define EC_F_PKEY_ECD_SIGN25519 284
# define EC_F_PKEY_ECD_SIGN448 285
# define EC_F_PKEY_ECX_DERIVE 269
# define EC_F_PKEY_EC_CTRL 197
# define EC_F_PKEY_EC_CTRL_STR 198
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册