author | Matt Caswell <matt@openssl.org> | 2019-08-30 13:33:10 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-09-09 13:52:26 +0100 |
commit | dfcb5d29b525f5d2b6bd80602dca5efe5fca77bb (patch) | |
tree | 2cfb247b0ec70de547f7d376a090e57727d49771 /crypto/cms/cms_sd.c | |
parent | 2b95e8efcf8b99892106070d9ac745a0a369f503 (diff) | |
Add the ability to perform signatures in a provider
This makes EVP_PKEY_sign and EVP_PKEY_sign_init provider aware. It
also introduces the new type EVP_SIGNATURE to represent signature
algorithms. This also automatically makes the EVP_Sign* APIs provider
aware because they use EVP_Digest* (which is already provider aware)
and EVP_PKEY_sign(_init) under the covers.
At this stage there are no signature algorithms in any providers. That
will come in the following commits.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9753)
Diffstat (limited to 'crypto/cms/cms_sd.c')
-rw-r--r-- | crypto/cms/cms_sd.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 4de750bd72..6715e84d2f 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -706,11 +706,23 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
         si->pctx = pctx;
     }
+    /*
+     * TODO(3.0): This causes problems when providers are in use, so disabled
+     * for now. Can we get rid of this completely? AFAICT this ctrl has been
+     * present since CMS was first put in - but has never been used to do
+     * anything. All internal implementations just return 1 and ignore this ctrl
+     * and have always done so by the looks of things. To fix this we could
+     * convert this ctrl into a param, which would require us to send all the
+     * signer info data as a set of params...but that is non-trivial and since
+     * this isn't used by anything it may be better just to remove it.
+     */
+#if 0
     if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) {
         CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
         goto err;
     }
+#endif
     alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf, ASN1_ITEM_rptr(CMS_Attributes_Sign));
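Review bot: Wrapping the EVP_PKEY_CTRL_CMS_SIGN ctrl in `#if 0` silently changes behaviour for any out-of-tree ENGINE pkey method that did handle this ctrl, because the TODO only surveys the internal implementations; the pre-sign hook (argument 0, issued before the signed attributes are DER-encoded into abuf) that would have let such a method inspect or reject the signer info now never fires and no error is raised. If the intent is to drop the ctrl, the comment should say so rather than leaving dead code behind an `#if 0`: `/* EVP_PKEY_CTRL_CMS_SIGN is no longer issued from this path; ENGINE methods that relied on it must move to provider params. */` and the block can be deleted, otherwise gate it on a named macro so it can be re-enabled without editing the source. The same ten-line comment and `#if 0` block appear a second time for the post-sign call (argument 1) later in this function, so one explanation at the top of CMS_SignerInfo_sign with a one-line pointer at the second site would avoid the duplication and keep the two sites from drifting. Note that once both ctrl calls are compiled out, CMS_R_CTRL_ERROR is no longer reachable from this function, which is worth mentioning in the commit message or the comment. CMS_SignerInfo_sign begins before and continues after this hunk.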
@@ -727,11 +739,23 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
     if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0)
         goto err;
+    /*
+     * TODO(3.0): This causes problems when providers are in use, so disabled
+     * for now. Can we get rid of this completely? AFAICT this ctrl has been
+     * present since CMS was first put in - but has never been used to do
+     * anything. All internal implementations just return 1 and ignore this ctrl
+     * and have always done so by the looks of things. To fix this we could
+     * convert this ctrl into a param, which would require us to send all the
+     * signer info data as a set of params...but that is non-trivial and since
+     * this isn't used by anything it may be better just to remove it.
+     */
+#if 0
     if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) {
         CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
         goto err;
     }
+#endif
     EVP_MD_CTX_reset(mctx);