diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2020-07-26 17:32:05 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2020-08-09 17:34:52 +1000 |
commit | 0ab18e7924727f7b613edc187f3a5074d0ce9bc6 (patch) | |
tree | 15d960fa8fd6adca2f9bf74621fada77098a8be5 /crypto | |
parent | 11eef7e766ad76158be8da497fba2bc048b02ca1 (diff) | |
download | openssl-0ab18e7924727f7b613edc187f3a5074d0ce9bc6.tar.gz |
Add EVP signature with libctx methods.
-Added EVP_SignFinal_with_libctx() and EVP_VerifyFinal_with_libctx()
-Renamed EVP_DigestSignInit_ex() and EVP_DigestVerifyInit_with_libctx() to
EVP_DigestSignInit_with_libctx() and EVP_DigestVerifyInit_with_libctx()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11884)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/ct/ct_vfy.c | 5 | ||||
-rw-r--r-- | crypto/evp/digest.c | 5 | ||||
-rw-r--r-- | crypto/evp/m_sigver.c | 27 | ||||
-rw-r--r-- | crypto/evp/p_sign.c | 16 | ||||
-rw-r--r-- | crypto/evp/p_verify.c | 16 |
5 files changed, 44 insertions, 25 deletions
diff --git a/crypto/ct/ct_vfy.c b/crypto/ct/ct_vfy.c index f270e4378a..b05e77b8a1 100644 --- a/crypto/ct/ct_vfy.c +++ b/crypto/ct/ct_vfy.c @@ -122,8 +122,9 @@ int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct) if (ctx == NULL) goto end; - if (!EVP_DigestVerifyInit_ex(ctx, NULL, "SHA2-256", sctx->propq, sctx->pkey, - sctx->libctx)) + if (!EVP_DigestVerifyInit_with_libctx(ctx, NULL, + "SHA2-256", sctx->libctx, sctx->propq, + sctx->pkey)) goto end; if (!sct_ctx_update(ctx, sctx, sct)) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 58cd160502..7476efd9bc 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -295,8 +295,9 @@ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) * Prior to OpenSSL 3.0 EVP_DigestSignUpdate() and * EVP_DigestVerifyUpdate() were just macros for EVP_DigestUpdate(). * Some code calls EVP_DigestUpdate() directly even when initialised - * with EVP_DigestSignInit_ex() or EVP_DigestVerifyInit_ex(), so we - * detect that and redirect to the correct EVP_Digest*Update() function + * with EVP_DigestSignInit_with_libctx() or + * EVP_DigestVerifyInit_with_libctx(), so we detect that and redirect to + * the correct EVP_Digest*Update() function */ if (ctx->pctx->operation == EVP_PKEY_OP_SIGNCTX) return EVP_DigestSignUpdate(ctx, data, count); diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 8d37f19d6c..04ac121e25 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -38,8 +38,8 @@ static const char *canon_mdname(const char *mdname) static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, const char *mdname, - const char *props, ENGINE *e, EVP_PKEY *pkey, - OPENSSL_CTX *libctx, int ver) + OPENSSL_CTX *libctx, const char *props, + ENGINE *e, EVP_PKEY *pkey, int ver) { EVP_PKEY_CTX *locpctx = NULL; EVP_SIGNATURE *signature = NULL; @@ -285,31 +285,32 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, return 1; } -int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const char *mdname, const char *props, EVP_PKEY *pkey, - OPENSSL_CTX *libctx) +int EVP_DigestSignInit_with_libctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const char *mdname, + OPENSSL_CTX *libctx, const char *props, + EVP_PKEY *pkey) { - return do_sigver_init(ctx, pctx, NULL, mdname, props, NULL, pkey, libctx, - 0); + return do_sigver_init(ctx, pctx, NULL, mdname, libctx, props, NULL, pkey, 0); } int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) { - return do_sigver_init(ctx, pctx, type, NULL, NULL, e, pkey, NULL, 0); + return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 0); } -int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const char *mdname, const char *props, - EVP_PKEY *pkey, OPENSSL_CTX *libctx) +int EVP_DigestVerifyInit_with_libctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const char *mdname, + OPENSSL_CTX *libctx, const char *props, + EVP_PKEY *pkey) { - return do_sigver_init(ctx, pctx, NULL, mdname, props, NULL, pkey, libctx, 1); + return do_sigver_init(ctx, pctx, NULL, mdname, libctx, props, NULL, pkey, 1); } int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) { - return do_sigver_init(ctx, pctx, type, NULL, NULL, e, pkey, NULL, 1); + return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1); } #endif /* FIPS_MDOE */ diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c index 44a69083b2..2c4f49a528 100644 --- a/crypto/evp/p_sign.c +++ b/crypto/evp/p_sign.c @@ -14,8 +14,9 @@ #include <openssl/x509.h> #include "crypto/evp.h" -int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, - unsigned int *siglen, EVP_PKEY *pkey) +int EVP_SignFinal_with_libctx(EVP_MD_CTX *ctx, unsigned char *sigret, + unsigned int *siglen, EVP_PKEY *pkey, + OPENSSL_CTX *libctx, const char *propq) { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len = 0; @@ -30,8 +31,9 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, } else { int rv = 0; EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); + if (tmp_ctx == NULL) { - EVPerr(EVP_F_EVP_SIGNFINAL, ERR_R_MALLOC_FAILURE); + EVPerr(0, ERR_R_MALLOC_FAILURE); return 0; } rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx); @@ -44,7 +46,7 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, sltmp = (size_t)EVP_PKEY_size(pkey); i = 0; - pkctx = EVP_PKEY_CTX_new(pkey, NULL); + pkctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq); if (pkctx == NULL) goto err; if (EVP_PKEY_sign_init(pkctx) <= 0) @@ -59,3 +61,9 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, EVP_PKEY_CTX_free(pkctx); return i; } + +int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + unsigned int *siglen, EVP_PKEY *pkey) +{ + return EVP_SignFinal_with_libctx(ctx, sigret, siglen, pkey, NULL, NULL); +} diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c index fe4b7b568d..db14866af0 100644 --- a/crypto/evp/p_verify.c +++ b/crypto/evp/p_verify.c @@ -14,8 +14,9 @@ #include <openssl/x509.h> #include "crypto/evp.h" -int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, - unsigned int siglen, EVP_PKEY *pkey) +int EVP_VerifyFinal_with_libctx(EVP_MD_CTX *ctx, const unsigned char *sigbuf, + unsigned int siglen, EVP_PKEY *pkey, + OPENSSL_CTX *libctx, const char *propq) { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len = 0; @@ -28,8 +29,9 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, } else { int rv = 0; EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); + if (tmp_ctx == NULL) { - EVPerr(EVP_F_EVP_VERIFYFINAL, ERR_R_MALLOC_FAILURE); + EVPerr(0, ERR_R_MALLOC_FAILURE); return 0; } rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx); @@ -41,7 +43,7 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, } i = -1; - pkctx = EVP_PKEY_CTX_new(pkey, NULL); + pkctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq); if (pkctx == NULL) goto err; if (EVP_PKEY_verify_init(pkctx) <= 0) @@ -53,3 +55,9 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, EVP_PKEY_CTX_free(pkctx); return i; } + +int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, + unsigned int siglen, EVP_PKEY *pkey) +{ + return EVP_VerifyFinal_with_libctx(ctx, sigbuf, siglen, pkey, NULL, NULL); +} |