diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2017-04-21 15:56:34 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2017-04-25 22:12:34 +0100 |
commit | 786dd2c22c71081492e209d93beee3ff4fe66357 (patch) | |
tree | e51ecaa26605856fe4b3bc49fbae576f85566855 /crypto/include | |
parent | 7531b3a6cd4b42bece94c0aab5b963fe03d1b139 (diff) | |
download | openssl-786dd2c22c71081492e209d93beee3ff4fe66357.tar.gz |
Add support for custom signature parameters
Many signature types define the digest and public key type by a single OID
such as ecdsa_with_sha256.
Some types (RSA-PSS for example) use a single OID to indicate the signature
scheme and additional parameters are encoded in the AlgorithmIdentifier.
Add an X509_SIG_INFO structure to contain details about the signature type:
specifically the digest algorithm, public key algorithm, security bits and
various flags. This supports both existing algorithms and more complex
types.
Add accessors for the structure and a special case that retrieves signature
information from a certificate.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3301)
Diffstat (limited to 'crypto/include')
-rw-r--r-- | crypto/include/internal/asn1_int.h | 2 | ||||
-rw-r--r-- | crypto/include/internal/x509_int.h | 16 |
2 files changed, 18 insertions, 0 deletions
diff --git a/crypto/include/internal/asn1_int.h b/crypto/include/internal/asn1_int.h index f78ced6dab..6e6e028738 100644 --- a/crypto/include/internal/asn1_int.h +++ b/crypto/include/internal/asn1_int.h @@ -52,6 +52,8 @@ struct evp_pkey_asn1_method_st { int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig); + int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg, + const ASN1_STRING *sig); } /* EVP_PKEY_ASN1_METHOD */ ; DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD) diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h index 10b605f709..124cc533bc 100644 --- a/crypto/include/internal/x509_int.h +++ b/crypto/include/internal/x509_int.h @@ -37,6 +37,19 @@ struct X509_name_st { int canon_enclen; } /* X509_NAME */ ; +/* Signature info structure */ + +struct x509_sig_info_st { + /* NID of message digest */ + int mdnid; + /* NID of public key algorithm */ + int pknid; + /* Security bits */ + int secbits; + /* Various flags */ + uint32_t flags; +}; + /* PKCS#10 certificate request */ struct X509_req_info_st { @@ -146,6 +159,7 @@ struct x509_st { X509_CINF cert_info; X509_ALGOR sig_alg; ASN1_BIT_STRING signature; + X509_SIG_INFO siginf; CRYPTO_REF_COUNT references; CRYPTO_EX_DATA ex_data; /* These contain copies of various extension values */ @@ -267,3 +281,5 @@ struct x509_object_st { int a2i_ipadd(unsigned char *ipout, const char *ipasc); int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm); + +void x509_init_sig_info(X509 *x); |