OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Dr.
Stephen Henson
Root: /v/openssl/cvs Email: steve openssl.org
Module: openssl Date:
10-Jul-2006 20:36:55
Branch: HEAD Handle:
2006071019365005
Modified files:
openssl CHANGES
openssl/crypto/dsa dsa_pmeth.c
openssl/crypto/ec ec_pmeth.c
openssl/crypto/evp digest.c evp.h
openssl/crypto/pkcs7 pk7_doit.c pk7_mime.c pkcs7.h
pkcs7err.c
openssl/crypto/rsa rsa_pmeth.c
Log:
Allow digests to supply S/MIME micalg values from a
ctrl.
Send ctrls to EVP_PKEY_METHOD during signing of PKCS7
structure so
customisation is possible.
Summary:
Revision Changes Path
1.1339 +10 -0 openssl/CHANGES
1.7 +3 -0 openssl/crypto/dsa/dsa_pmeth.c
1.4 +1 -0 openssl/crypto/ec/ec_pmeth.c
1.32 +2 -0 openssl/crypto/evp/digest.c
1.165 +9 -3 openssl/crypto/evp/evp.h
1.72 +22 -8 openssl/crypto/pkcs7/pk7_doit.c
1.29 +33 -29 openssl/crypto/pkcs7/pk7_mime.c
1.65 +1 -0 openssl/crypto/pkcs7/pkcs7.h
1.28 +1 -0 openssl/crypto/pkcs7/pkcs7err.c
1.26 +1 -0 openssl/crypto/rsa/rsa_pmeth.c
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/CHANGES
============================================================
================
$ cvs diff -u -r1.1338 -r1.1339 CHANGES
--- openssl/CHANGES 9 Jul 2006 16:05:40 -0000 1.1338
+++ openssl/CHANGES 10 Jul 2006 18:36:50 -0000 1.1339
-4,6 +4,16
Changes between 0.9.8b and 0.9.9 [xx XXX xxxx]
+ *) Allow digests to supply their own micalg string for
S/MIME type using
+ the ctrl EVP_MD_CTRL_MICALG.
+ [Steve Henson]
+
+ *) During PKCS7 signing pass the PKCS7 SignerInfo
structure to the
+ EVP_PKEY_METHOD before and after signing via the
EVP_PKEY_CTRL_PKCS7_SIGN
+ ctrl. It can then customise the structure before
and/or after signing
+ if necessary.
+ [Steve Henson]
+
*) New function OBJ_add_sigid() to allow application
defined signature OIDs
to be added to OpenSSLs internal tables. New
function OBJ_sigid_free()
to free up any added signature OIDs.
.
patch -p0 <<' .'
Index: openssl/crypto/dsa/dsa_pmeth.c
============================================================
================
$ cvs diff -u -r1.6 -r1.7 dsa_pmeth.c
--- openssl/crypto/dsa/dsa_pmeth.c 24 May 2006 23:49:25
-0000 1.6
+++ openssl/crypto/dsa/dsa_pmeth.c 10 Jul 2006 18:36:51
-0000 1.7
-169,6 +169,9
dctx->md = p2;
return 1;
+ case EVP_PKEY_CTRL_PKCS7_SIGN:
+ return 1;
+
default:
return -2;
.
patch -p0 <<' .'
Index: openssl/crypto/ec/ec_pmeth.c
============================================================
================
$ cvs diff -u -r1.3 -r1.4 ec_pmeth.c
--- openssl/crypto/ec/ec_pmeth.c 24 May 2006 23:49:27
-0000 1.3
+++ openssl/crypto/ec/ec_pmeth.c 10 Jul 2006 18:36:52
-0000 1.4
-230,6 +230,7
case EVP_PKEY_CTRL_PEER_KEY:
/* Default behaviour is OK */
+ case EVP_PKEY_CTRL_PKCS7_SIGN:
return 1;
default:
.
patch -p0 <<' .'
Index: openssl/crypto/evp/digest.c
============================================================
================
$ cvs diff -u -r1.31 -r1.32 digest.c
--- openssl/crypto/evp/digest.c 25 May 2006 00:54:59
-0000 1.31
+++ openssl/crypto/evp/digest.c 10 Jul 2006 18:36:52
-0000 1.32
-332,6 +332,8
OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_siz
e);
OPENSSL_free(ctx->md_data);
}
+ if (ctx->pctx)
+ EVP_PKEY_CTX_free(ctx->pctx);
#ifndef OPENSSL_NO_ENGINE
if(ctx->engine)
/* The EVP_MD we used belongs to an ENGINE, release the
.
patch -p0 <<' .'
Index: openssl/crypto/evp/evp.h
============================================================
================
$ cvs diff -u -r1.164 -r1.165 evp.h
--- openssl/crypto/evp/evp.h 9 Jul 2006 00:53:45
-0000 1.164
+++ openssl/crypto/evp/evp.h 10 Jul 2006 18:36:52
-0000 1.165
-218,6 +218,7
/* Digest ctrls */
#define EVP_MD_CTRL_DIGALGID 0x1
+#define EVP_MD_CTRL_MICALG 0x2
/* Minimum Algorithm specific ctrl value */
-455,6 +456,9
#define
EVP_SignDigestUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
#define
EVP_VerifyDigestUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
+#define
EVP_DigestSignUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
+#define
EVP_DigestVerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
+
#ifdef CONST_STRICT
void BIO_set_md(BIO *,const EVP_MD *md);
#else
-981,10 +985,12
EVP_PKEY_CTRL_MD, 0, (void *)md)
#define EVP_PKEY_CTRL_MD 1
-#define EVP_PKEY_CTRL_PEER_KEY 2
+#define EVP_PKEY_CTRL_PEER_KEY 2
+
+#define EVP_PKEY_CTRL_PKCS7_ENCRYPT 3
+#define EVP_PKEY_CTRL_PKCS7_DECRYPT 4
-#define EVP_PKEY_CTRL_PKCS7_ENCRYPT 3
-#define EVP_PKEY_CTRL_PKCS7_DECRYPT 4
+#define EVP_PKEY_CTRL_PKCS7_SIGN 5
#define EVP_PKEY_ALG_CTRL 0x1000
.
patch -p0 <<' .'
Index: openssl/crypto/pkcs7/pk7_doit.c
============================================================
================
$ cvs diff -u -r1.71 -r1.72 pk7_doit.c
--- openssl/crypto/pkcs7/pk7_doit.c 24 May 2006 13:29:31
-0000 1.71
+++ openssl/crypto/pkcs7/pk7_doit.c 10 Jul 2006 18:36:53
-0000 1.72
-826,6 +826,7
int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
{
EVP_MD_CTX mctx;
+ EVP_PKEY_CTX *pctx;
unsigned char *abuf = NULL;
int alen;
unsigned int siglen;
-836,21 +837,38
return 0;
EVP_MD_CTX_init(&mctx);
- if (!EVP_SignInit_ex(&mctx,md,NULL))
+ if (EVP_DigestSignInit(&mctx, &pctx, md,NULL,
si->pkey) <= 0)
goto err;
+
+ if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+ EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0)
+ {
+ PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN,
PKCS7_R_CTRL_ERROR);
+ goto err;
+ }
+
alen = ASN1_item_i2d((ASN1_VALUE
*)si->auth_attr,&abuf,
ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
if(!abuf)
goto err;
- if (!EVP_SignUpdate(&mctx,abuf,alen))
+ if (EVP_DigestSignUpdate(&mctx,abuf,alen) <= 0)
goto err;
OPENSSL_free(abuf);
- abuf = OPENSSL_malloc(EVP_PKEY_size(si->pkey));
+ if (EVP_DigestSignFinal(&mctx, NULL, &siglen)
<= 0)
+ goto err;
+ abuf = OPENSSL_malloc(siglen);
if(!abuf)
goto err;
- if (!EVP_SignFinal(&mctx, abuf, &siglen,
si->pkey))
+ if (EVP_DigestSignFinal(&mctx, abuf, &siglen)
<= 0)
goto err;
+ if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+ EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0)
+ {
+ PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN,
PKCS7_R_CTRL_ERROR);
+ goto err;
+ }
+
EVP_MD_CTX_cleanup(&mctx);
ASN1_STRING_set0(si->enc_digest, abuf, siglen);
-864,10 +882,6
return 0;
}
-
-
-
-
int PKCS7_dataVerify(X509_STORE *cert_store,
X509_STORE_CTX *ctx, BIO *bio,
PKCS7 *p7, PKCS7_SIGNER_INFO *si)
.
patch -p0 <<' .'
Index: openssl/crypto/pkcs7/pk7_mime.c
============================================================
================
$ cvs diff -u -r1.28 -r1.29 pk7_mime.c
--- openssl/crypto/pkcs7/pk7_mime.c 6 Jun 2006 13:27:36
-0000 1.28
+++ openssl/crypto/pkcs7/pk7_mime.c 10 Jul 2006 18:36:53
-0000 1.29
-149,52 +149,65
static int pk7_write_micalg(BIO *out, PKCS7 *p7)
{
STACK_OF(X509_ALGOR) *mdalgs;
- STACK *mic_sk;
- int i, have_unknown = 0, ret = 0;
+ const EVP_MD *md;
+ int i, have_unknown = 0, write_comma, ret = 0, md_nid;
mdalgs = p7->d.sign->md_algs;
- mic_sk = sk_new_null();
- if (!mic_sk)
- goto err;
have_unknown = 0;
+ write_comma = 0;
for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++)
{
- switch(OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs,
i)->algorithm))
+ if (write_comma)
+ BIO_write(out, ",", 1);
+ write_comma = 1;
+ md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs,
i)->algorithm);
+ md = EVP_get_digestbynid(md_nid);
+ if (md && md->md_ctrl)
{
- case NID_sha1:
- if (!sk_push(mic_sk, "sha1"))
+ int rv;
+ char *micstr;
+ rv = md->md_ctrl(NULL, EVP_MD_CTRL_MICALG, 0,
&micstr);
+ if (rv > 0)
+ {
+ BIO_puts(out, micstr);
+ OPENSSL_free(micstr);
+ continue;
+ }
+ if (rv != -2)
goto err;
+ }
+ switch(md_nid)
+ {
+ case NID_sha1:
+ BIO_puts(out, "sha1");
break;
case NID_md5:
- if (!sk_push(mic_sk, "md5"))
- goto err;
+ BIO_puts(out, "md5");
break;
case NID_sha256:
- if (!sk_push(mic_sk, "sha-256"))
- goto err;
+ BIO_puts(out, "sha-256");
break;
case NID_sha384:
- if (!sk_push(mic_sk, "sha-384"))
- goto err;
+ BIO_puts(out, "sha-384");
break;
case NID_sha512:
- if (!sk_push(mic_sk, "sha-512"))
- goto err;
+ BIO_puts(out, "sha-512");
break;
case NID_id_GostR3411_94:
- if (!sk_push(mic_sk, "gostr3411-94"))
+ BIO_puts(out, "gostr3411-94");
goto err;
break;
default:
- if (!have_unknown)
+ if (have_unknown)
+ write_comma = 0;
+ else
{
- if (!sk_push(mic_sk, "unknown"))
- goto err;
+ BIO_puts(out, "unknown");
have_unknown = 1;
}
break;
-202,18 +215,9
}
}
- for (i = 0; i < sk_num(mic_sk); i++)
- {
- BIO_puts(out, sk_value(mic_sk, i));
- if (i > 0)
- BIO_write(out, ",", 1);
- }
ret = 1;
err:
- if (mic_sk)
- sk_free(mic_sk);
-
return ret;
}
.
patch -p0 <<' .'
Index: openssl/crypto/pkcs7/pkcs7.h
============================================================
================
$ cvs diff -u -r1.64 -r1.65 pkcs7.h
--- openssl/crypto/pkcs7/pkcs7.h 18 May 2006 23:44:44
-0000 1.64
+++ openssl/crypto/pkcs7/pkcs7.h 10 Jul 2006 18:36:54
-0000 1.65
-435,6 +435,7
#define PKCS7_F_PKCS7_SIGN 116
#define PKCS7_F_PKCS7_SIGNATUREVERIFY 113
#define PKCS7_F_PKCS7_SIGNER_INFO_SET 129
+#define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 139
#define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137
#define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119
#define PKCS7_F_PKCS7_VERIFY 117
.
patch -p0 <<' .'
Index: openssl/crypto/pkcs7/pkcs7err.c
============================================================
================
$ cvs diff -u -r1.27 -r1.28 pkcs7err.c
--- openssl/crypto/pkcs7/pkcs7err.c 18 May 2006 23:44:44
-0000 1.27
+++ openssl/crypto/pkcs7/pkcs7err.c 10 Jul 2006 18:36:54
-0000 1.28
-103,6 +103,7
{ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"},
{ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signa
tureVerify"},
{ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SET), "PKCS7_SIGNE
R_INFO_set"},
+{ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SIGN), "PKCS7_SIG
NER_INFO_sign"},
{ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER), "PKCS7_sign_
add_signer"},
{ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simpl
e_smimecap"},
{ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"}
,
.
patch -p0 <<' .'
Index: openssl/crypto/rsa/rsa_pmeth.c
============================================================
================
$ cvs diff -u -r1.25 -r1.26 rsa_pmeth.c
--- openssl/crypto/rsa/rsa_pmeth.c 28 May 2006 19:36:29
-0000 1.25
+++ openssl/crypto/rsa/rsa_pmeth.c 10 Jul 2006 18:36:55
-0000 1.26
-438,6 +438,7
case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
case EVP_PKEY_CTRL_PKCS7_DECRYPT:
+ case EVP_PKEY_CTRL_PKCS7_SIGN:
return 1;
default:
.
____________________________________________________________
__________
OpenSSL Project http://www.openssl.org
CVS Repository Commit List
openssl-cvsopenssl.org
Automated List Manager
majordomoopenssl.org
|