authorDr. Stephen Henson <steve@openssl.org>2017-04-21 15:56:34 +0100
committerDr. Stephen Henson <steve@openssl.org>2017-04-25 22:12:34 +0100
commit786dd2c22c71081492e209d93beee3ff4fe66357 (patch)
treee51ecaa26605856fe4b3bc49fbae576f85566855 /include/openssl
parent7531b3a6cd4b42bece94c0aab5b963fe03d1b139 (diff)
downloadopenssl-786dd2c22c71081492e209d93beee3ff4fe66357.tar.gz
Add support for custom signature parameters
Many signature types define the digest and public key type by a single OID such as ecdsa_with_sha256. Some types (RSA-PSS for example) use a single OID to indicate the signature scheme and additional parameters are encoded in the AlgorithmIdentifier. Add an X509_SIG_INFO structure to contain details about the signature type: specifically the digest algorithm, public key algorithm, security bits and various flags. This supports both existing algorithms and more complex types. Add accessors for the structure and a special case that retrieves signature information from a certificate. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3301)
Diffstat (limited to 'include/openssl')
-rw-r--r--include/openssl/ossl_typ.h2
-rw-r--r--include/openssl/x509.h15
2 files changed, 17 insertions, 0 deletions
diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h
index 129a67f057..deea03899a 100644
--- a/include/openssl/ossl_typ.h
+++ b/include/openssl/ossl_typ.h
@@ -131,6 +131,8 @@ typedef struct x509_lookup_st X509_LOOKUP;
typedef struct x509_lookup_method_st X509_LOOKUP_METHOD;
typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM;
+typedef struct x509_sig_info_st X509_SIG_INFO;
+
typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
typedef struct v3_ext_ctx X509V3_CTX;
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index a6aabebd9c..0a692f803e 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -39,6 +39,13 @@
extern "C" {
#endif
+
+/* Flags for X509_get_signature_info() */
+/* Signature info is valid */
+# define X509_SIG_INFO_VALID 0x1
+/* Signature is suitable for TLS use */
+# define X509_SIG_INFO_TLS 0x2
+
# define X509_FILETYPE_PEM 1
# define X509_FILETYPE_ASN1 2
# define X509_FILETYPE_DEFAULT 3
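Review bot: The two flag comments describe what each bit means but not how a caller combines them with the return value of X509_get_signature_info(): from this hunk it is not clear whether a zero return, a clear X509_SIG_INFO_VALID bit, or both is the signal that mdnid, pknid and secbits must not be trusted, and that distinction matters for code that uses secbits to reject weak signatures. A comment next to the define such as `/* Callers must test X509_SIG_INFO_VALID before using mdnid/pknid/secbits; when it is clear those outputs are unspecified */` would settle it. X509_SIG_INFO_TLS would likewise benefit from a sentence stating what it excludes (presumably algorithms with no TLS signature scheme), since an application may use it as an acceptance filter. The prototypes these flags belong to are declared in the second hunk of this file, which runs past the end of the page.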
@@ -549,6 +556,14 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length);
int i2d_re_X509_tbs(X509 *x, unsigned char **pp);
+int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
+ int *secbits, uint32_t *flags);
+void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
+ int secbits, uint32_t flags);
+
+int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
+ uint32_t *flags);
+
void X509_get0_signature(const ASN1_BIT_STRING **psig,
const X509_ALGOR **palg, const X509 *x);
int X509_get_signature_nid(const X509 *x);