diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2017-05-08 12:50:13 +0100 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2017-05-11 12:59:25 +0100 |
| commit | 7539418981c140648a620d72edd7398564878b5c (patch) | |
| tree | 6c0266e49b56fa20ed3cbf0cb5ccbaec9cd80ca9 /crypto | |
| parent | 4f2a569535953b43f7d55ac6df60458dce326221 (diff) | |
| download | openssl-new-7539418981c140648a620d72edd7398564878b5c.tar.gz | |
Add EVP_DigestSign and EVP_DigesVerify
Add "single part" digest sign and verify functions. These sign and verify
a message in one function. This simplifies some operations and it will later
be used as the API for algorithms which do not support the update/final
mechanism (e.g. PureEdDSA).
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3409)
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/asn1/a_sign.c | 3 | ||||
| -rw-r--r-- | crypto/asn1/a_verify.c | 21 | ||||
| -rw-r--r-- | crypto/evp/m_sigver.c | 16 |
3 files changed, 23 insertions, 17 deletions
diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index 7e21a5ec9f..4e93b5a768 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -205,8 +205,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, goto err; } - if (!EVP_DigestSignUpdate(ctx, buf_in, inl) - || !EVP_DigestSignFinal(ctx, buf_out, &outl)) { + if (!EVP_DigestSign(ctx, buf_out, &outl, buf_in, inl)) { outl = 0; ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB); goto err; diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index 00ab136f02..ec51d3e7cd 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -89,7 +89,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, { EVP_MD_CTX *ctx = NULL; unsigned char *buf_in = NULL; - int ret = -1, inl; + int ret = -1, inl = 0; int mdnid, pknid; @@ -159,24 +159,15 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; } - ret = EVP_DigestVerifyUpdate(ctx, buf_in, inl); - - OPENSSL_clear_free(buf_in, (unsigned int)inl); - - if (!ret) { - ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); - goto err; - } - ret = -1; - - if (EVP_DigestVerifyFinal(ctx, signature->data, - (size_t)signature->length) <= 0) { + ret = EVP_DigestVerify(ctx, signature->data, (size_t)signature->length, + buf_in, inl); + if (ret <= 0) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); - ret = 0; goto err; } ret = 1; err: + OPENSSL_clear_free(buf_in, (unsigned int)inl); EVP_MD_CTX_free(ctx); - return (ret); + return ret; } diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 3b74f72295..d53e1d6bd2 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -135,6 +135,14 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, return 1; } +int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, + const unsigned char *tbs, size_t tbslen) +{ + if (sigret != NULL && EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0) + return 0; + return EVP_DigestSignFinal(ctx, sigret, siglen); +} + int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen) { @@ -167,3 +175,11 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, return r; return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen); } + +int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, + size_t siglen, const unsigned char *tbs, size_t tbslen) +{ + if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0) + return -1; + return EVP_DigestVerifyFinal(ctx, sigret, siglen); +} |