#endif
-int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
- X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn,
- EVP_PKEY *pkey, const EVP_MD *type)
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
+ ASN1_BIT_STRING *signature, const void *data,
+ EVP_PKEY *pkey, const EVP_MD *md)
{
- int rv;
- EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+ return ASN1_item_sign_with_libctx(it, algor1, algor2, signature, data, NULL,
+ pkey, md, NULL, NULL);
+}
+
+int ASN1_item_sign_with_libctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
+ X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
+ const void *data, const ASN1_OCTET_STRING *id,
+ EVP_PKEY *pkey, const EVP_MD *md,
+ OPENSSL_CTX *libctx, const char *propq)
+{
+ int rv = 0;
+ EVP_MD_CTX *ctx = evp_md_ctx_new_with_libctx(pkey, id, libctx, propq);
if (ctx == NULL) {
- ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- if (!EVP_DigestSignInit(ctx, NULL, type, NULL, pkey)) {
- EVP_MD_CTX_free(ctx);
+ ASN1err(0, ERR_R_MALLOC_FAILURE);
return 0;
}
+ if (!EVP_DigestSignInit(ctx, NULL, md, NULL, pkey))
+ goto err;
- rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx);
+ rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, data, ctx);
+ err:
+ EVP_PKEY_CTX_free(EVP_MD_CTX_pkey_ctx(ctx));
EVP_MD_CTX_free(ctx);
return rv;
}
-int ASN1_item_sign_ctx(const ASN1_ITEM *it,
- X509_ALGOR *algor1, X509_ALGOR *algor2,
- ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx)
+int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
+ X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
+ const void *data, EVP_MD_CTX *ctx)
{
- const EVP_MD *type;
+ const EVP_MD *md;
EVP_PKEY *pkey;
unsigned char *buf_in = NULL, *buf_out = NULL;
size_t inl = 0, outl = 0, outll = 0;
int signid, paramtype, buf_len = 0;
int rv, pkey_id;
- type = EVP_MD_CTX_md(ctx);
+ md = EVP_MD_CTX_md(ctx);
pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));
if (pkey == NULL) {
rv = 3;
} else if (pkey->ameth->item_sign) {
- rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, signature);
+ rv = pkey->ameth->item_sign(ctx, it, data, algor1, algor2, signature);
if (rv == 1)
outl = signature->length;
/*-
}
if (rv == 2) {
- if (type == NULL) {
+ if (md == NULL) {
ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);
goto err;
}
#endif
pkey->ameth->pkey_id;
- if (!OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type), pkey_id)) {
+ if (!OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(md), pkey_id)) {
ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
goto err;
}
- buf_len = ASN1_item_i2d(asn, &buf_in, it);
+ buf_len = ASN1_item_i2d(data, &buf_in, it);
if (buf_len <= 0) {
outl = 0;
ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_INTERNAL_ERROR);
#endif
-int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
- ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
+int ASN1_item_verify(const ASN1_ITEM *it, const X509_ALGOR *alg,
+ const ASN1_BIT_STRING *signature, const void *data,
+ EVP_PKEY *pkey)
{
+ return ASN1_item_verify_with_libctx(it, alg, signature, data, NULL, pkey,
+ NULL, NULL);
+}
+
+int ASN1_item_verify_with_libctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
+ const ASN1_BIT_STRING *signature,
+ const void *data,
+ const ASN1_OCTET_STRING *id, EVP_PKEY *pkey,
+ OPENSSL_CTX *libctx, const char *propq)
+{
+ EVP_MD_CTX *ctx;
int rv = -1;
- EVP_MD_CTX *ctx = EVP_MD_CTX_new();
- EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL);
- if (ctx == NULL || pctx == NULL) {
- ASN1err(0, ERR_R_MALLOC_FAILURE);
- goto err;
+ if ((ctx = evp_md_ctx_new_with_libctx(pkey, id, libctx, propq)) != NULL) {
+ rv = ASN1_item_verify_ctx(it, alg, signature, data, ctx);
+ EVP_PKEY_CTX_free(EVP_MD_CTX_pkey_ctx(ctx));
+ EVP_MD_CTX_free(ctx);
}
-
- EVP_MD_CTX_set_pkey_ctx(ctx, pctx);
-
- rv = ASN1_item_verify_ctx(it, a, signature, asn, ctx);
-
- err:
- EVP_PKEY_CTX_free(pctx);
- EVP_MD_CTX_free(ctx);
return rv;
}
-int ASN1_item_verify_ctx(const ASN1_ITEM *it, X509_ALGOR *a,
- ASN1_BIT_STRING *signature, void *asn,
+int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
+ const ASN1_BIT_STRING *signature, const void *data,
EVP_MD_CTX *ctx)
{
EVP_PKEY *pkey;
}
/* Convert signature OID into digest and public key OIDs */
- if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) {
+ if (!OBJ_find_sigid_algs(OBJ_obj2nid(alg->algorithm), &mdnid, &pknid)) {
ASN1err(0, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
goto err;
}
ASN1err(0, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
goto err;
}
- ret = pkey->ameth->item_verify(ctx, it, asn, a, signature, pkey);
+ ret = pkey->ameth->item_verify(ctx, it, data, alg, signature, pkey);
/*
* Return values meaning:
* <=0: error.
}
}
- inl = ASN1_item_i2d(asn, &buf_in, it);
+ inl = ASN1_item_i2d(data, &buf_in, it);
if (inl <= 0) {
ASN1err(0, ERR_R_INTERNAL_ERROR);
goto err;
void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
int (*item_verify) (EVP_MD_CTX *ctx,
const ASN1_ITEM *it,
- void *asn,
- X509_ALGOR *a,
- ASN1_BIT_STRING *sig,
+ const void *data,
+ const X509_ALGOR *a,
+ const ASN1_BIT_STRING *sig,
EVP_PKEY *pkey),
int (*item_sign) (EVP_MD_CTX *ctx,
const ASN1_ITEM *it,
- void *asn,
+ const void *data,
X509_ALGOR *alg1,
X509_ALGOR *alg2,
ASN1_BIT_STRING *sig))
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
return ED448_SIGSIZE;
}
-static int ecd_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
- X509_ALGOR *sigalg, ASN1_BIT_STRING *str,
- EVP_PKEY *pkey)
+static int ecd_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it,
+ const void *asn, const X509_ALGOR *sigalg,
+ const ASN1_BIT_STRING *str, EVP_PKEY *pkey)
{
const ASN1_OBJECT *obj;
int ptype;
return 2;
}
-static int ecd_item_sign25519(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+static int ecd_item_sign25519(EVP_MD_CTX *ctx, const ASN1_ITEM *it,
+ const void *asn,
X509_ALGOR *alg1, X509_ALGOR *alg2,
ASN1_BIT_STRING *str)
{
return 1;
}
-static int ecd_item_sign448(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+static int ecd_item_sign448(EVP_MD_CTX *ctx, const ASN1_ITEM *it,
+ const void *asn,
X509_ALGOR *alg1, X509_ALGOR *alg2,
ASN1_BIT_STRING *str)
{
ASN1_F_ASN1_ITEM_I2D_BIO:192:ASN1_item_i2d_bio
ASN1_F_ASN1_ITEM_I2D_FP:193:ASN1_item_i2d_fp
ASN1_F_ASN1_ITEM_PACK:198:ASN1_item_pack
-ASN1_F_ASN1_ITEM_SIGN:195:ASN1_item_sign
ASN1_F_ASN1_ITEM_SIGN_CTX:220:ASN1_item_sign_ctx
ASN1_F_ASN1_ITEM_UNPACK:199:ASN1_item_unpack
ASN1_F_ASN1_ITEM_VERIFY:197:ASN1_item_verify
#include <stdio.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include <openssl/ec.h>
#include <openssl/engine.h>
#include <openssl/params.h>
#include <openssl/core_names.h>
return 1;
}
+#ifndef FIPS_MODULE
+EVP_MD_CTX *evp_md_ctx_new_with_libctx(EVP_PKEY *pkey,
+ const ASN1_OCTET_STRING *id,
+ OPENSSL_CTX *libctx, const char *propq)
+{
+ EVP_MD_CTX *ctx;
+ EVP_PKEY_CTX *pctx = NULL;
+
+ if ((ctx = EVP_MD_CTX_new()) == NULL
+ || (pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq)) == NULL) {
+ ASN1err(0, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+# ifndef OPENSSL_NO_EC
+ if (id != NULL && EVP_PKEY_CTX_set1_id(pctx, id->data, id->length) <= 0) {
+ ASN1err(0, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+# endif
+
+ EVP_MD_CTX_set_pkey_ctx(ctx, pctx);
+ return ctx;
+
+ err:
+ EVP_PKEY_CTX_free(pctx);
+ EVP_MD_CTX_free(ctx);
+ return NULL;
+}
+#endif
+
EVP_MD_CTX *EVP_MD_CTX_new(void)
{
return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
*/
static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
- X509_ALGOR *sigalg, EVP_PKEY *pkey)
+ const X509_ALGOR *sigalg, EVP_PKEY *pkey)
{
int rv = -1;
int saltlen;
* is encountered requiring special handling. We currently only handle PSS.
*/
-static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
- X509_ALGOR *sigalg, ASN1_BIT_STRING *sig,
- EVP_PKEY *pkey)
+static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it,
+ const void *asn, const X509_ALGOR *sigalg,
+ const ASN1_BIT_STRING *sig, EVP_PKEY *pkey)
{
/* Sanity check: make sure it is PSS */
if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) {
}
#endif
-static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *asn,
X509_ALGOR *alg1, X509_ALGOR *alg2,
ASN1_BIT_STRING *sig)
{
#include "crypto/pkcs7.h"
#include "crypto/x509.h"
-static void clean_id_ctx(EVP_MD_CTX *ctx)
-{
- EVP_PKEY_CTX *pctx = EVP_MD_CTX_pkey_ctx(ctx);
-
- EVP_PKEY_CTX_free(pctx);
- EVP_MD_CTX_free(ctx);
-}
-
-static EVP_MD_CTX *make_id_ctx(EVP_PKEY *r, ASN1_OCTET_STRING *id,
- OPENSSL_CTX *libctx, const char *propq)
-{
- EVP_MD_CTX *ctx = NULL;
- EVP_PKEY_CTX *pctx = NULL;
-
- if ((ctx = EVP_MD_CTX_new()) == NULL
- || (pctx = EVP_PKEY_CTX_new_from_pkey(libctx, r, propq)) == NULL) {
- X509err(0, ERR_R_MALLOC_FAILURE);
- goto error;
- }
-
-#ifndef OPENSSL_NO_EC
- if (id != NULL) {
- if (EVP_PKEY_CTX_set1_id(pctx, id->data, id->length) <= 0) {
- X509err(0, ERR_R_MALLOC_FAILURE);
- goto error;
- }
- }
-#endif
-
- EVP_MD_CTX_set_pkey_ctx(ctx, pctx);
-
- return ctx;
- error:
- EVP_PKEY_CTX_free(pctx);
- EVP_MD_CTX_free(ctx);
- return NULL;
-}
-
int X509_verify(X509 *a, EVP_PKEY *r)
{
- int rv = 0;
- EVP_MD_CTX *ctx = NULL;
- ASN1_OCTET_STRING *id = NULL;
-
if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature))
return 0;
- id = a->distinguishing_id;
- if ((ctx = make_id_ctx(r, id, a->libctx, a->propq)) != NULL) {
- rv = ASN1_item_verify_ctx(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg,
- &a->signature, &a->cert_info, ctx);
- clean_id_ctx(ctx);
- }
- return rv;
+ return ASN1_item_verify_with_libctx(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg,
+ &a->signature, &a->cert_info,
+ a->distinguishing_id, r,
+ a->libctx, a->propq);
}
int X509_REQ_verify_with_libctx(X509_REQ *a, EVP_PKEY *r, OPENSSL_CTX *libctx,
const char *propq)
{
- int rv = 0;
- EVP_MD_CTX *ctx = NULL;
- ASN1_OCTET_STRING *id = NULL;
-
- id = a->distinguishing_id;
- if ((ctx = make_id_ctx(r, id, libctx, propq)) != NULL) {
- rv = ASN1_item_verify_ctx(ASN1_ITEM_rptr(X509_REQ_INFO), &a->sig_alg,
- a->signature, &a->req_info, ctx);
- clean_id_ctx(ctx);
- }
- return rv;
+ return ASN1_item_verify_with_libctx(ASN1_ITEM_rptr(X509_REQ_INFO),
+ &a->sig_alg, a->signature, &a->req_info,
+ a->distinguishing_id, r, libctx, propq);
}
int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
const unsigned char **pder, int derlen);
int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder);
/* Custom ASN1 signature verification */
- int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
- X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey);
- int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+ int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *data,
+ const X509_ALGOR *a, const ASN1_BIT_STRING *sig,
+ EVP_PKEY *pkey);
+ int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *data,
X509_ALGOR *alg1, X509_ALGOR *alg2,
ASN1_BIT_STRING *sig);
int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg,
EVP_PKEY *evp_pkcs82pkey_int(const PKCS8_PRIV_KEY_INFO *p8, OPENSSL_CTX *libctx,
const char *propq);
+EVP_MD_CTX *evp_md_ctx_new_with_libctx(EVP_PKEY *pkey,
+ const ASN1_OCTET_STRING *id,
+ OPENSSL_CTX *libctx, const char *propq);
#endif /* !defined(FIPS_MODULE) */
void evp_method_store_flush(OPENSSL_CTX *libctx);
int evp_set_default_properties_int(OPENSSL_CTX *libctx, const char *propq,
CHECKED_PTR_OF(const type, x)))
void *ASN1_item_dup(const ASN1_ITEM *it, const void *x);
+int ASN1_item_sign_with_libctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
+ X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
+ const void *data, const ASN1_OCTET_STRING *id,
+ EVP_PKEY *pkey, const EVP_MD *md,
+ OPENSSL_CTX *libctx, const char *propq);
+int ASN1_item_verify_with_libctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
+ const ASN1_BIT_STRING *signature,
+ const void *data,
+ const ASN1_OCTET_STRING *id, EVP_PKEY *pkey,
+ OPENSSL_CTX *libctx, const char *propq);
/* ASN1 alloc/free macros for when a type is only used internally */
# define ASN1_F_ASN1_ITEM_I2D_BIO 0
# define ASN1_F_ASN1_ITEM_I2D_FP 0
# define ASN1_F_ASN1_ITEM_PACK 0
-# define ASN1_F_ASN1_ITEM_SIGN 0
# define ASN1_F_ASN1_ITEM_SIGN_CTX 0
# define ASN1_F_ASN1_ITEM_UNPACK 0
# define ASN1_F_ASN1_ITEM_VERIFY 0
void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
int (*item_verify) (EVP_MD_CTX *ctx,
const ASN1_ITEM *it,
- void *asn,
- X509_ALGOR *a,
- ASN1_BIT_STRING *sig,
+ const void *data,
+ const X509_ALGOR *a,
+ const ASN1_BIT_STRING *sig,
EVP_PKEY *pkey),
int (*item_sign) (EVP_MD_CTX *ctx,
const ASN1_ITEM *it,
- void *asn,
+ const void *data,
X509_ALGOR *alg1,
X509_ALGOR *alg2,
ASN1_BIT_STRING *sig));
void X509_INFO_free(X509_INFO *a);
char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
+/* TODO move this block of decls to asn1.h when 'breaking change' is possible */
DEPRECATEDIN_3_0(int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1,
ASN1_BIT_STRING *signature, char *data,
EVP_PKEY *pkey))
-
DEPRECATEDIN_3_0(int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type,
char *data,
unsigned char *md, unsigned int *len))
-
DEPRECATEDIN_3_0(int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1,
X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
char *data, EVP_PKEY *pkey, const EVP_MD *type))
-
int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data,
unsigned char *md, unsigned int *len);
-
-int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
- ASN1_BIT_STRING *signature, void *data, EVP_PKEY *pkey);
-int ASN1_item_verify_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
- ASN1_BIT_STRING *signature, void *data,
+int ASN1_item_verify(const ASN1_ITEM *it, const X509_ALGOR *alg,
+ const ASN1_BIT_STRING *signature, const void *data,
+ EVP_PKEY *pkey);
+int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
+ const ASN1_BIT_STRING *signature, const void *data,
EVP_MD_CTX *ctx);
-
-int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
- X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data,
- EVP_PKEY *pkey, const EVP_MD *type);
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
+ ASN1_BIT_STRING *signature, const void *data,
+ EVP_PKEY *pkey, const EVP_MD *md);
int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
- void *asn, EVP_MD_CTX *ctx);
+ const void *data, EVP_MD_CTX *ctx);
long X509_get_version(const X509 *x);
int X509_set_version(X509 *x, long version);
EVP_PKEY_private_check ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_pairwise_check ? 3_0_0 EXIST::FUNCTION:
ASN1_item_verify_ctx ? 3_0_0 EXIST::FUNCTION:
+ASN1_item_sign_with_libctx ? 3_0_0 EXIST::FUNCTION:
+ASN1_item_verify_with_libctx ? 3_0_0 EXIST::FUNCTION:
RAND_DRBG_set_callback_data ? 3_0_0 NOEXIST::FUNCTION:
RAND_DRBG_get_callback_data ? 3_0_0 NOEXIST::FUNCTION:
BIO_socket_wait ? 3_0_0 EXIST::FUNCTION:SOCK
ASN1_item_print(3)
ASN1_item_sign(3)
ASN1_item_sign_ctx(3)
+ASN1_item_sign_with_libctx(3)
ASN1_item_unpack(3)
ASN1_item_verify(3)
ASN1_item_verify_ctx(3)
+ASN1_item_verify_with_libctx(3)
ASN1_mbstring_copy(3)
ASN1_mbstring_ncopy(3)
ASN1_object_size(3)