From: tb Date: Sun, 9 May 2021 14:25:40 +0000 (+0000) Subject: Prepare to provide EVP_Digest{Sign,Verify} X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=42fe6953f079ba55dd984f61b3a4373b64e46cfb;p=openbsd Prepare to provide EVP_Digest{Sign,Verify} These are one-shot versions combining EVP_Digest{Sign,Verify}{Update,Final}. and are part of the OpenSSL 1.1.1 API. While they simplify callers in some situations slightly, their real use is for EdDSA that by design can't be split into Update/Final steps. Based on OpenSSL commit 7539418981c140648a620d72edd7398564878b5c ok inoguchi --- diff --git a/lib/libcrypto/evp/evp.h b/lib/libcrypto/evp/evp.h index e8a6eea035f..e2ec40b26ca 100644 --- a/lib/libcrypto/evp/evp.h +++ b/lib/libcrypto/evp/evp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: evp.h,v 1.81 2021/03/31 16:47:01 tb Exp $ */ +/* $OpenBSD: evp.h,v 1.82 2021/05/09 14:25:40 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -617,7 +617,7 @@ int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); #ifndef LIBRESSL_INTERNAL int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); #endif - + int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, EVP_PKEY *pkey); 
@@ -628,11 +628,21 @@ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen); +#if defined(LIBRESSL_INTERNAL) +int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, + const unsigned char *tbs, size_t tbslen); +#endif + int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen); +#if defined(LIBRESSL_INTERNAL) +int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, + size_t siglen, const unsigned char *tbs, size_t tbslen); +#endif + int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, const unsigned char *ek, int ekl, const unsigned char *iv, EVP_PKEY *priv); int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); diff --git a/lib/libcrypto/evp/m_sigver.c b/lib/libcrypto/evp/m_sigver.c index f7dcaff418e..bd9374651ae 100644 --- a/lib/libcrypto/evp/m_sigver.c +++ b/lib/libcrypto/evp/m_sigver.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_sigver.c,v 1.8 2021/03/29 15:57:23 tb Exp $ */ +/* $OpenBSD: m_sigver.c,v 1.9 2021/05/09 14:25:40 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -186,6 +186,18 @@ EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen) return 1; } +int +EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, + const unsigned char *tbs, size_t tbslen) +{ + if (sigret != NULL) { + if (EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0) + return 0; + } + + return EVP_DigestSignFinal(ctx, sigret, siglen); +} + int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen) { 
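Review bot: The new EVP_DigestVerify prototype names its const input signature `sigret`, the name that EVP_DigestSignFinal and EVP_DigestSign in the same hunk use for the output buffer, while EVP_DigestVerifyFinal directly above calls the same argument `sig`. Using `sig` here and in the definition in m_sigver.c would keep input and output buffers distinguishable when reading call sites: `int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen);`. This is a naming point only; the behaviour is unaffected.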
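Review bot: The two-call contract of EVP_DigestSign is not documented where it is implemented: when `sigret == NULL` the `tbs` data is skipped and only EVP_DigestSignFinal runs, so that call is a length query and nothing is hashed. A comment above the function would make this explicit, for example `/* sigret == NULL: size query only, tbs is not hashed; otherwise tbs is hashed once and then signed. */`. The same comment should say that `tbs` is fed into whatever digest state `ctx` already holds. A caller that repeats a non-NULL call on the same context, for instance after passing too small a buffer, may therefore sign the data twice over. Whether that can actually happen depends on how EVP_DigestSignFinal treats the context, which lies outside this hunk.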
@@ -212,3 +224,13 @@ EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen)
 return r;
 return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen);
 }
+
+int
+EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen,
+ const unsigned char *tbs, size_t tbslen)
+{
+ if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0)
+ return -1;
+
+ return EVP_DigestVerifyFinal(ctx, sigret, siglen);
+}
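Review bot: EVP_DigestVerify returns -1 when EVP_DigestVerifyUpdate fails, so the function can return a negative value as well as 0 and 1. A caller that writes `if (EVP_DigestVerify(...))` or tests `!= 0` would then treat an internal error as a valid signature. A comment above the definition should pin the contract down, for example `/* Returns 1 only if the signature verifies; 0 or a negative value means failure. Callers must test for == 1. */`. EVP_DigestSign, added in the same commit, returns 0 for the equivalent Update failure, so the asymmetry between the two one-shot functions is worth stating in that comment too.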