OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Dr.
Stephen Henson
Root: /v/openssl/cvs Email: steve openssl.org
Module: openssl Date:
19-Apr-2006 19:06:00
Branch: HEAD Handle:
2006041918055009
Modified files:
openssl CHANGES
openssl/apps ca.c req.c x509.c
openssl/crypto/asn1 a_sign.c a_verify.c asn1.h
asn1_err.c
openssl/crypto/evp evp.h m_dss.c m_dss1.c m_ecdsa.c
m_sha1.c p_sign.c
p_verify.c
openssl/crypto/rsa rsa_ameth.c
Log:
Remove link between digests and signature algorithms.
Use cross reference table in ASN1_item_sign(),
ASN1_item_verify() to eliminate
the need for algorithm specific code.
Summary:
Revision Changes Path
1.1309 +6 -0 openssl/CHANGES
1.153 +2 -0 openssl/apps/ca.c
1.129 +2 -0 openssl/apps/req.c
1.97 +2 -0 openssl/apps/x509.c
1.20 +24 -34 openssl/crypto/asn1/a_sign.c
1.19 +21 -5 openssl/crypto/asn1/a_verify.c
1.144 +3 -0 openssl/crypto/asn1/asn1.h
1.56 +10 -7 openssl/crypto/asn1/asn1_err.c
1.146 +10 -0 openssl/crypto/evp/evp.h
1.12 +1 -1 openssl/crypto/evp/m_dss.c
1.13 +1 -1 openssl/crypto/evp/m_dss1.c
1.4 +1 -1 openssl/crypto/evp/m_ecdsa.c
1.14 +1 -1 openssl/crypto/evp/m_sha1.c
1.7 +23 -0 openssl/crypto/evp/p_sign.c
1.8 +22 -4 openssl/crypto/evp/p_verify.c
1.10 +1 -1 openssl/crypto/rsa/rsa_ameth.c
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/CHANGES
============================================================
================
$ cvs diff -u -r1.1308 -r1.1309 CHANGES
--- openssl/CHANGES 18 Apr 2006 23:36:02 -0000 1.1308
+++ openssl/CHANGES 19 Apr 2006 17:05:50 -0000 1.1309
-4,6 +4,12
Changes between 0.9.8a and 0.9.9 [xx XXX xxxx]
+ *) Use OID cross reference table in ASN1_sign() and
ASN1_verify(). New
+ EVP_MD flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE. This
uses the relevant
+ signing method from the key type. This effectively
removes the link
+ between digests and public key types.
+ [Steve Henson]
+
*) Add an OID cross reference table and utility
functions. Its purpose is to
translate between signature OIDs such as
SHA1WithrsaEncryption and SHA1,
rsaEncryption. This will allow some of the algorithm
specific hackery
.
patch -p0 <<' .'
Index: openssl/apps/ca.c
============================================================
================
$ cvs diff -u -r1.152 -r1.153 ca.c
--- openssl/apps/ca.c 4 Nov 2005 09:30:52 -0000 1.152
+++ openssl/apps/ca.c 19 Apr 2006 17:05:52 -0000 1.153
-1412,6 +1412,7
/* we now have a CRL */
if (verbose) BIO_printf(bio_err,"signing
CRL\n");
+#if 0
#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA)
dgst=EVP_dss1();
-1421,6 +1422,7
if (pkey->type == EVP_PKEY_EC)
dgst=EVP_ecdsa();
#endif
+#endif
/* Add any extensions asked for */
.
patch -p0 <<' .'
Index: openssl/apps/req.c
============================================================
================
$ cvs diff -u -r1.128 -r1.129 req.c
--- openssl/apps/req.c 15 Mar 2006 17:45:39 -0000 1.128
+++ openssl/apps/req.c 19 Apr 2006 17:05:52 -0000 1.129
-894,6 +894,7
BIO_printf(bio_err,"you need to specify a
private key\n");
goto end;
}
+#if 0
#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA)
digest=EVP_dss1();
-902,6 +903,7
if (pkey->type == EVP_PKEY_EC)
digest=EVP_ecdsa();
#endif
+#endif
if (req == NULL)
{
req=X509_REQ_new();
.
patch -p0 <<' .'
Index: openssl/apps/x509.c
============================================================
================
$ cvs diff -u -r1.96 -r1.97 x509.c
--- openssl/apps/x509.c 20 Aug 2005 18:12:43 -0000 1.96
+++ openssl/apps/x509.c 19 Apr 2006 17:05:52 -0000 1.97
-912,6 +912,7
passin, e, "Private key");
if (Upkey == NULL) goto end;
}
+#if 0
#ifndef OPENSSL_NO_DSA
if (Upkey->type == EVP_PKEY_DSA)
digest=EVP_dss1();
-920,6 +921,7
if (Upkey->type == EVP_PKEY_EC)
digest=EVP_ecdsa();
#endif
+#endif
assert(need_rand);
if (!sign(x,Upkey,days,clrext,digest,
.
patch -p0 <<' .'
Index: openssl/crypto/asn1/a_sign.c
============================================================
================
$ cvs diff -u -r1.19 -r1.20 a_sign.c
--- openssl/crypto/asn1/a_sign.c 9 May 2005 00:27:32
-0000 1.19
+++ openssl/crypto/asn1/a_sign.c 19 Apr 2006 17:05:55
-0000 1.20
-123,6 +123,7
#include <openssl/x509.h>
#include <openssl/objects.h>
#include <openssl/buffer.h>
+#include "asn1_locl.h"
#ifndef NO_ASN1_OLD
-218,45 +219,34
{
EVP_MD_CTX ctx;
unsigned char *buf_in=NULL,*buf_out=NULL;
- int i,inl=0,outl=0,outll=0;
- X509_ALGOR *a;
+ int inl=0,outl=0,outll=0;
+ int signid, paramtype;
- EVP_MD_CTX_init(&ctx);
- for (i=0; i<2; i++)
+ if (type->flags &
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
{
- if (i == 0)
- a=algor1;
- else
- a=algor2;
- if (a == NULL) continue;
- if (type->pkey_type == NID_dsaWithSHA1
||
- type->pkey_type == NID_ecdsa_with_SHA1)
- {
- /* special case: RFC 3279 tells us to omit
'parameters'
- * with id-dsa-with-sha1 and ecdsa-with-SHA1 */
- ASN1_TYPE_free(a->parameter);
- a->parameter = NULL;
- }
- else if ((a->parameter == NULL) ||
- (a->parameter->type != V_ASN1_NULL))
- {
- ASN1_TYPE_free(a->parameter);
- if ((a->parameter=ASN1_TYPE_new()) == NULL) goto
err;
- a->parameter->type=V_ASN1_NULL;
- }
- ASN1_OBJECT_free(a->algorithm);
- a->algorithm=OBJ_nid2obj(type->pkey_type);
- if (a->algorithm == NULL)
- {
- ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE
);
- goto err;
- }
- if (a->algorithm->length == 0)
+ if (!pkey->ameth ||
+ !OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type),
+ pkey->ameth->pkey_id))
{
- ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_THE_ASN1_OBJECT_IDE
NTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
- goto err;
+ ASN1err(ASN1_F_ASN1_ITEM_SIGN,
+ ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+ return 0;
}
}
+ else
+ signid = type->pkey_type;
+
+ if (pkey->ameth->pkey_flags &
ASN1_PKEY_SIGPARAM_NULL)
+ paramtype = V_ASN1_NULL;
+ else
+ paramtype = V_ASN1_UNDEF;
+
+ if (algor1)
+ X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype,
NULL);
+ if (algor2)
+ X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype,
NULL);
+
+ EVP_MD_CTX_init(&ctx);
inl=ASN1_item_i2d(asn,&buf_in, it);
outll=outl=EVP_PKEY_size(pkey);
buf_out=(unsigned char *)OPENSSL_malloc((unsigned
int)outl);
.
patch -p0 <<' .'
Index: openssl/crypto/asn1/a_verify.c
============================================================
================
$ cvs diff -u -r1.18 -r1.19 a_verify.c
--- openssl/crypto/asn1/a_verify.c 9 May 2005 00:27:32
-0000 1.18
+++ openssl/crypto/asn1/a_verify.c 19 Apr 2006 17:05:55
-0000 1.19
-60,6 +60,7
#include <time.h>
#include "cryptlib.h"
+#include "asn1_locl.h"
#ifndef NO_SYS_TYPES_H
# include <sys/types.h>
-129,19 +130,34
void *asn, EVP_PKEY *pkey)
{
EVP_MD_CTX ctx;
- const EVP_MD *type;
+ const EVP_MD *type = NULL;
unsigned char *buf_in=NULL;
- int ret= -1,i,inl;
+ int ret= -1,inl;
- EVP_MD_CTX_init(&ctx);
- i=OBJ_obj2nid(a->algorithm);
- type=EVP_get_digestbyname(OBJ_nid2sn(i));
+ int mdnid, pknid;
+
+ /* Convert signature OID into digest and public key OIDs
*/
+
+ if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm),
&mdnid, &pknid))
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_
ALGORITHM);
+ goto err;
+ }
+ type=EVP_get_digestbynid(mdnid);
if (type == NULL)
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIG
EST_ALGORITHM);
goto err;
}
+ /* Check public key OID matches public key type */
+ if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_T
YPE);
+ goto err;
+ }
+
+ EVP_MD_CTX_init(&ctx);
if (!EVP_VerifyInit_ex(&ctx,type, NULL))
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
.
patch -p0 <<' .'
Index: openssl/crypto/asn1/asn1.h
============================================================
================
$ cvs diff -u -r1.143 -r1.144 asn1.h
--- openssl/crypto/asn1/asn1.h 22 Mar 2006 17:59:45
-0000 1.143
+++ openssl/crypto/asn1/asn1.h 19 Apr 2006 17:05:55
-0000 1.144
-1176,6 +1176,7
#define ASN1_R_DECODE_ERROR 110
#define ASN1_R_DECODING_ERROR 111
#define ASN1_R_DEPTH_EXCEEDED 174
+#define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198
#define ASN1_R_ENCODE_ERROR 112
#define ASN1_R_ERROR_GETTING_TIME 173
#define ASN1_R_ERROR_LOADING_SECTION 172
-1251,6 +1252,7
#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161
#define ASN1_R_UNKNOWN_OBJECT_TYPE 162
#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163
+#define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199
#define ASN1_R_UNKNOWN_TAG 194
#define ASN1_R_UNKOWN_FORMAT 195
#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164
-1258,6 +1260,7
#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166
#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167
#define ASN1_R_UNSUPPORTED_TYPE 196
+#define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200
#define ASN1_R_WRONG_TAG 168
#define ASN1_R_WRONG_TYPE 169
.
patch -p0 <<' .'
Index: openssl/crypto/asn1/asn1_err.c
============================================================
================
$ cvs diff -u -r1.55 -r1.56 asn1_err.c
--- openssl/crypto/asn1/asn1_err.c 21 Aug 2005 16:00:15
-0000 1.55
+++ openssl/crypto/asn1/asn1_err.c 19 Apr 2006 17:05:56
-0000 1.56
-93,7 +93,7
{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENE
RALIZEDTIME_set"},
{ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3
"},
{ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object&q
uot;},
-{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_new&
quot;},
+{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_NEW&
quot;},
{ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"},
{ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"},
{ERR_FUNC(ASN1_F_ASN1_INTEGER_SET), "ASN1_INTEGER_set
"},
-111,7 +111,7
{ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_
ncopy"},
{ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new&q
uot;},
{ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string
"},
-{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_NEW"
;},
+{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_new"
;},
{ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_
SET"},
{ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"
},
{ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack&q
uot;},
-123,7 +123,7
{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE
_EX_D2I"},
{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NE
W"},
{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "ASN1_TEMPL
ATE_NOEXP_D2I"},
-{ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"
;},
+{ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_SET"
;},
{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), "ASN1
_TYPE_get_int_octetstring"},
{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYP
E_get_octetstring"},
{ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_str
ing"},
-140,7 +140,7
{ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN
"},
{ERR_FUNC(ASN1_F_D2I_ASN1_BYTES), "d2i_ASN1_bytes&quo
t;},
{ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME), "D2I_ASN1_
GENERALIZEDTIME"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "d2i_ASN1_HEADER&
quot;},
+{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "D2I_ASN1_HEADER&
quot;},
{ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER), "D2I_ASN1_INTEGER
"},
{ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT&q
uot;},
{ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"},
-168,10 +168,10
{ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT&q
uot;},
{ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"
},
{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET), "PKCS5_pbe2_set&quo
t;},
-{ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"
;},
+{ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_PBE_SET"
;},
{ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"
},
-{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_ad
d0_revoked"},
-{ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"
;},
+{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_AD
D0_REVOKED"},
+{ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_NEW"
;},
{ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "X509_NAME_ENCODE
"},
{ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "X509_NAME_EX_D2I
"},
{ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "X509_NAME_EX_NEW
"},
-196,6 +196,7
{ERR_REASON(ASN1_R_DECODE_ERROR) ,"decode
error"},
{ERR_REASON(ASN1_R_DECODING_ERROR) ,"decoding
error"},
{ERR_REASON(ASN1_R_DEPTH_EXCEEDED) ,"depth
exceeded"},
+{ERR_REASON(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED),&quo
t;digest and key type not supported"},
{ERR_REASON(ASN1_R_ENCODE_ERROR) ,"encode
error"},
{ERR_REASON(ASN1_R_ERROR_GETTING_TIME) ,"error
getting time"},
{ERR_REASON(ASN1_R_ERROR_LOADING_SECTION),"error
loading section"},
-271,6 +272,7
{ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"
unknown message digest algorithm"},
{ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown
object type"},
{ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown
public key type"},
+{ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),"unkn
own signature algorithm"},
{ERR_REASON(ASN1_R_UNKNOWN_TAG) ,"unknown
tag"},
{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unkown
format"},
{ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"u
nsupported any defined by type"},
-278,6 +280,7
{ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"
unsupported encryption algorithm"},
{ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),"unsup
ported public key type"},
{ERR_REASON(ASN1_R_UNSUPPORTED_TYPE)
,"unsupported type"},
+{ERR_REASON(ASN1_R_WRONG_PUBLIC_KEY_TYPE),"wrong
public key type"},
{ERR_REASON(ASN1_R_WRONG_TAG) ,"wrong
tag"},
{ERR_REASON(ASN1_R_WRONG_TYPE) ,"wrong
type"},
{0,NULL}
.
patch -p0 <<' .'
Index: openssl/crypto/evp/evp.h
============================================================
================
$ cvs diff -u -r1.145 -r1.146 evp.h
--- openssl/crypto/evp/evp.h 19 Apr 2006 12:16:58
-0000 1.145
+++ openssl/crypto/evp/evp.h 19 Apr 2006 17:05:57
-0000 1.146
-188,6 +188,15
#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only
handle a single
* block */
+#define EVP_MD_FLAG_PKEY_DIGEST 0x0002 /* digest is a
"clone" digest used
+ * which is a copy of an existing
+ * one for a specific public key type.
+ * EVP_dss1() etc */
+
+/* Digest uses EVP_PKEY_METHOD for signing instead of MD
specific signing */
+
+#define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE 0x0004
+
#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0}
#ifndef OPENSSL_NO_DSA
-792,6 +801,7
#define ASN1_PKEY_ALIAS 0x1
#define ASN1_PKEY_DYNAMIC 0x2
+#define ASN1_PKEY_SIGPARAM_NULL 0x4
#define ASN1_PKEY_CTRL_PKCS7_SIGN 0x1
.
patch -p0 <<' .'
Index: openssl/crypto/evp/m_dss.c
============================================================
================
$ cvs diff -u -r1.11 -r1.12 m_dss.c
--- openssl/crypto/evp/m_dss.c 16 Jul 2005 12:37:32
-0000 1.11
+++ openssl/crypto/evp/m_dss.c 19 Apr 2006 17:05:57
-0000 1.12
-81,7 +81,7
NID_dsaWithSHA,
NID_dsaWithSHA,
SHA_DIGEST_LENGTH,
- 0,
+ EVP_MD_FLAG_PKEY_DIGEST,
init,
update,
final,
.
patch -p0 <<' .'
Index: openssl/crypto/evp/m_dss1.c
============================================================
================
$ cvs diff -u -r1.12 -r1.13 m_dss1.c
--- openssl/crypto/evp/m_dss1.c 16 Jul 2005 12:37:32
-0000 1.12
+++ openssl/crypto/evp/m_dss1.c 19 Apr 2006 17:05:57
-0000 1.13
-82,7 +82,7
NID_dsa,
NID_dsaWithSHA1,
SHA_DIGEST_LENGTH,
- 0,
+ EVP_MD_FLAG_PKEY_DIGEST,
init,
update,
final,
.
patch -p0 <<' .'
Index: openssl/crypto/evp/m_ecdsa.c
============================================================
================
$ cvs diff -u -r1.3 -r1.4 m_ecdsa.c
--- openssl/crypto/evp/m_ecdsa.c 15 May 2004 11:29:48
-0000 1.3
+++ openssl/crypto/evp/m_ecdsa.c 19 Apr 2006 17:05:57
-0000 1.4
-130,7 +130,7
NID_ecdsa_with_SHA1,
NID_ecdsa_with_SHA1,
SHA_DIGEST_LENGTH,
- 0,
+ EVP_MD_FLAG_PKEY_DIGEST,
init,
update,
final,
.
patch -p0 <<' .'
Index: openssl/crypto/evp/m_sha1.c
============================================================
================
$ cvs diff -u -r1.13 -r1.14 m_sha1.c
--- openssl/crypto/evp/m_sha1.c 16 Jul 2005 12:37:32
-0000 1.13
+++ openssl/crypto/evp/m_sha1.c 19 Apr 2006 17:05:57
-0000 1.14
-82,7 +82,7
NID_sha1,
NID_sha1WithRSAEncryption,
SHA_DIGEST_LENGTH,
- 0,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
init,
update,
final,
.
patch -p0 <<' .'
Index: openssl/crypto/evp/p_sign.c
============================================================
================
$ cvs diff -u -r1.6 -r1.7 p_sign.c
--- openssl/crypto/evp/p_sign.c 16 Oct 2001 01:22:20
-0000 1.6
+++ openssl/crypto/evp/p_sign.c 19 Apr 2006 17:05:58
-0000 1.7
-88,6 +88,28
EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);
EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
EVP_MD_CTX_cleanup(&tmp_ctx);
+
+ if (ctx->digest->flags &
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
+ {
+ EVP_PKEY_CTX *pkctx = NULL;
+ int sltmp = EVP_PKEY_size(pkey);
+ i = 0;
+ pkctx = EVP_PKEY_CTX_new(pkey, NULL);
+ if (!pkctx)
+ goto err;
+ if (EVP_PKEY_sign_init(pkctx) <= 0)
+ goto err;
+ if (EVP_PKEY_CTX_set_signature_md(pkctx,
ctx->digest) <= 0)
+ goto err;
+ if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len)
<= 0)
+ goto err;
+ *siglen = sltmp;
+ i = 1;
+ err:
+ EVP_PKEY_CTX_free(pkctx);
+ return i;
+ }
+
for (i=0; i<4; i++)
{
v=ctx->digest->required_pkey_type[i];
-103,6 +125,7
EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
return(0);
}
+
if (ctx->digest->sign == NULL)
{
EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGUR
ED);
.
patch -p0 <<' .'
Index: openssl/crypto/evp/p_verify.c
============================================================
================
$ cvs diff -u -r1.7 -r1.8 p_verify.c
--- openssl/crypto/evp/p_verify.c 15 Mar 2004 23:15:18
-0000 1.7
+++ openssl/crypto/evp/p_verify.c 19 Apr 2006 17:05:58
-0000 1.8
-70,6 +70,28
int i,ok=0,v;
MS_STATIC EVP_MD_CTX tmp_ctx;
+ EVP_MD_CTX_init(&tmp_ctx);
+ EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);
+ EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
+ EVP_MD_CTX_cleanup(&tmp_ctx);
+
+ if (ctx->digest->flags &
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
+ {
+ EVP_PKEY_CTX *pkctx = NULL;
+ i = -1;
+ pkctx = EVP_PKEY_CTX_new(pkey, NULL);
+ if (!pkctx)
+ goto err;
+ if (EVP_PKEY_verify_init(pkctx) <= 0)
+ goto err;
+ if (EVP_PKEY_CTX_set_signature_md(pkctx,
ctx->digest) <= 0)
+ goto err;
+ i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
+ err:
+ EVP_PKEY_CTX_free(pkctx);
+ return i;
+ }
+
for (i=0; i<4; i++)
{
v=ctx->digest->required_pkey_type[i];
-85,10 +107,6
EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
return(-1);
}
- EVP_MD_CTX_init(&tmp_ctx);
- EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);
- EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
- EVP_MD_CTX_cleanup(&tmp_ctx);
if (ctx->digest->verify == NULL)
{
EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONF
IGURED);
.
patch -p0 <<' .'
Index: openssl/crypto/rsa/rsa_ameth.c
============================================================
================
$ cvs diff -u -r1.9 -r1.10 rsa_ameth.c
--- openssl/crypto/rsa/rsa_ameth.c 17 Apr 2006 17:12:23
-0000 1.9
+++ openssl/crypto/rsa/rsa_ameth.c 19 Apr 2006 17:05:59
-0000 1.10
-289,7 +289,7
{
EVP_PKEY_RSA,
EVP_PKEY_RSA,
- 0,
+ ASN1_PKEY_SIGPARAM_NULL,
"RSA",
"OpenSSL RSA method",
.
____________________________________________________________
__________
OpenSSL Project http://www.openssl.org
CVS Repository Commit List
openssl-cvsopenssl.org
Automated List Manager
majordomoopenssl.org
|