authorDr. Stephen Henson <steve@openssl.org>2017-04-21 15:56:34 +0100
committerDr. Stephen Henson <steve@openssl.org>2017-04-25 22:12:34 +0100
commit786dd2c22c71081492e209d93beee3ff4fe66357 (patch)
treee51ecaa26605856fe4b3bc49fbae576f85566855 /crypto/include
parent7531b3a6cd4b42bece94c0aab5b963fe03d1b139 (diff)
Add support for custom signature parameters
Many signature types define the digest and public key type by a single OID such as ecdsa_with_sha256. Some types (RSA-PSS for example) use a single OID to indicate the signature scheme and additional parameters are encoded in the AlgorithmIdentifier. Add an X509_SIG_INFO structure to contain details about the signature type: specifically the digest algorithm, public key algorithm, security bits and various flags. This supports both existing algorithms and more complex types. Add accessors for the structure and a special case that retrieves signature information from a certificate. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3301)
Diffstat (limited to 'crypto/include')
-rw-r--r--crypto/include/internal/asn1_int.h2
-rw-r--r--crypto/include/internal/x509_int.h16
2 files changed, 18 insertions, 0 deletions
diff --git a/crypto/include/internal/asn1_int.h b/crypto/include/internal/asn1_int.h
index f78ced6dab..6e6e028738 100644
--- a/crypto/include/internal/asn1_int.h
+++ b/crypto/include/internal/asn1_int.h
@@ -52,6 +52,8 @@ struct evp_pkey_asn1_method_st {
int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
X509_ALGOR *alg1, X509_ALGOR *alg2,
ASN1_BIT_STRING *sig);
+ int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+ const ASN1_STRING *sig);
} /* EVP_PKEY_ASN1_METHOD */ ;
DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD)
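Review bot: The new `siginf_set` member has no comment stating its contract, yet it is the hook that interprets AlgorithmIdentifier parameters taken from a certificate, which is untrusted input. I would add above it something like `/* Fill *siginf from alg and sig; return 1 on success, 0 if the parameters are missing or malformed */`, and say whether `*siginf` may be partially written on failure. The return convention is my assumption, since the caller is not part of this view, so confirm it there. It would also help to note that a NULL `siginf_set` means the method relies on the generic OID-based lookup, if that is the intent. The enclosing struct starts outside the hunk.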
diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h
index 10b605f709..124cc533bc 100644
--- a/crypto/include/internal/x509_int.h
+++ b/crypto/include/internal/x509_int.h
@@ -37,6 +37,19 @@ struct X509_name_st {
int canon_enclen;
} /* X509_NAME */ ;
+/* Signature info structure */
+
+struct x509_sig_info_st {
+ /* NID of message digest */
+ int mdnid;
+ /* NID of public key algorithm */
+ int pknid;
+ /* Security bits */
+ int secbits;
+ /* Various flags */
+ uint32_t flags;
+};
+
/* PKCS#10 certificate request */
struct X509_req_info_st {
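Review bot: The field comments in `struct x509_sig_info_st` do not say what each field holds when the signature type could not be determined, and `secbits` is the kind of value that ends up in a security-level decision. I would make the comment on `secbits` read `/* Security bits of the signature; meaningful only when flags marks the info as valid */` and have the `mdnid`/`pknid` comments name the unset value (presumably `NID_undef`; the initialiser is not visible here). `/* Various flags */` would be more useful as a pointer to the flag constants the public header defines for this structure. A reader of this header alone cannot currently tell whether a zeroed structure means "not computed" or "computed, zero bits".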
@@ -146,6 +159,7 @@ struct x509_st {
X509_CINF cert_info;
X509_ALGOR sig_alg;
ASN1_BIT_STRING signature;
+ X509_SIG_INFO siginf;
CRYPTO_REF_COUNT references;
CRYPTO_EX_DATA ex_data;
/* These contain copies of various extension values */
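Review bot: `siginf` is embedded by value next to `sig_alg` and `signature`, so it is a derived cache of those two fields, and nothing here says when it is computed or refreshed. If the certificate is re-signed or `sig_alg` is changed after the cache is filled, the stored digest NID and security bits could describe the old signature; whether that can happen depends on code outside this view. A comment such as `/* Cached summary of sig_alg, filled by x509_init_sig_info(); check its flags before use */` would make the dependency explicit. The struct starts and ends outside the hunk.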
@@ -267,3 +281,5 @@ struct x509_object_st {
int a2i_ipadd(unsigned char *ipout, const char *ipasc);
int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm);
+
+void x509_init_sig_info(X509 *x);
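Review bot: `x509_init_sig_info` returns `void` and is declared without a comment, so a caller has no way to learn from the call itself that the signature algorithm was unrecognised or its parameters failed to parse. If the design is that failure is reported only through `x->siginf.flags`, say so at the declaration, for example `/* Populate x->siginf from x->sig_alg; on failure the info is left marked not valid */`. That wording is inferred from the structure's `flags` field and should be checked against the implementation, which is not in this diff view.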