diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2015-12-02 13:57:04 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2015-12-02 17:52:01 +0000 |
commit | 7f572e958b13041056f377a62d3219633cfb1e8a (patch) | |
tree | e25e20a9a52529c804812272317c7fbc03e5d978 /crypto | |
parent | 0aca86b313d286be979629a3193a12e17bf7171a (diff) |
Remove legacy sign/verify from EVP_MD.
Remove sign/verify and required_pkey_type fields of EVP_MD: these are a
legacy from when digests were linked to public key types. All signing is
now handled by the corresponding EVP_PKEY_METHOD.
Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms
already block unsupported types.
Remove now obsolete EVP_dss1() and EVP_ecdsa().
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/asn1/a_sign.c | 19 | ||||
-rw-r--r-- | crypto/engine/eng_openssl.c | 1 | ||||
-rw-r--r-- | crypto/evp/Makefile | 24 | ||||
-rw-r--r-- | crypto/evp/c_alld.c | 9 | ||||
-rw-r--r-- | crypto/evp/m_dss1.c | 102 | ||||
-rw-r--r-- | crypto/evp/m_ecdsa.c | 151 | ||||
-rw-r--r-- | crypto/evp/m_md4.c | 1 | ||||
-rw-r--r-- | crypto/evp/m_md5.c | 1 | ||||
-rw-r--r-- | crypto/evp/m_md5_sha1.c | 1 | ||||
-rw-r--r-- | crypto/evp/m_mdc2.c | 1 | ||||
-rw-r--r-- | crypto/evp/m_null.c | 1 | ||||
-rw-r--r-- | crypto/evp/m_ripemd.c | 1 | ||||
-rw-r--r-- | crypto/evp/m_sha1.c | 15 | ||||
-rw-r--r-- | crypto/evp/m_wp.c | 1 | ||||
-rw-r--r-- | crypto/evp/p_sign.c | 52 | ||||
-rw-r--r-- | crypto/evp/p_verify.c | 47 | ||||
-rw-r--r-- | crypto/rsa/rsa_pmeth.c | 27 |
17 files changed, 67 insertions, 387 deletions
diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index ab1959e812..18923b153e 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -260,17 +260,14 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, rv = 2; if (rv == 2) { - if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { - if (!pkey->ameth || - !OBJ_find_sigid_by_algs(&signid, - EVP_MD_nid(type), - pkey->ameth->pkey_id)) { - ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, - ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); - return 0; - } - } else - signid = type->pkey_type; + if (!pkey->ameth || + !OBJ_find_sigid_by_algs(&signid, + EVP_MD_nid(type), + pkey->ameth->pkey_id)) { + ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, + ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); + return 0; + } if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) paramtype = V_ASN1_NULL; diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 41754f7627..ba9adf0efa 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -363,7 +363,6 @@ static const EVP_MD test_sha_md = { test_sha1_final, NULL, NULL, - EVP_PKEY_RSA_method, SHA_CBLOCK, sizeof(EVP_MD *) + sizeof(SHA_CTX), }; diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index c6722967f8..ee0998d9f9 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile @@ -20,7 +20,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \ e_rc4.c e_aes.c names.c e_seed.c \ e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \ m_null.c m_md2.c m_md4.c m_md5.c m_sha1.c m_wp.c \ - m_md5_sha1.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\ + m_md5_sha1.c m_mdc2.c m_ripemd.c \ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \ @@ -33,7 +33,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \ e_rc4.o e_aes.o names.o e_seed.o \ e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \ m_null.o m_md2.o m_md4.o m_md5.o m_sha1.o m_wp.o \ - m_md5_sha1.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\ + m_md5_sha1.o m_mdc2.o m_ripemd.o \ p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \ bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \ c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \ @@ -460,26 +460,6 @@ evp_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h evp_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h evp_pkey.o: ../include/internal/asn1_int.h ../include/internal/cryptlib.h evp_pkey.o: evp_pkey.c -m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -m_dss1.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_dss1.o: ../include/internal/cryptlib.h m_dss1.c -m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h -m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -m_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -m_ecdsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_ecdsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_ecdsa.o: ../include/internal/cryptlib.h m_ecdsa.c m_md2.o: ../../e_os.h ../../include/openssl/bio.h m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c index 0c68bade17..70e462da41 100644 --- a/crypto/evp/c_alld.c +++ b/crypto/evp/c_alld.c @@ -75,15 +75,6 @@ void OpenSSL_add_all_digests(void) EVP_add_digest(EVP_sha1()); EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); -# ifndef OPENSSL_NO_DSA - EVP_add_digest(EVP_dss1()); - EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); - EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); - EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); -# endif -# ifndef OPENSSL_NO_EC - EVP_add_digest(EVP_ecdsa()); -# endif #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) EVP_add_digest(EVP_mdc2()); #endif diff --git a/crypto/evp/m_dss1.c b/crypto/evp/m_dss1.c deleted file mode 100644 index 77a10cf799..0000000000 --- a/crypto/evp/m_dss1.c +++ /dev/null @@ -1,102 +0,0 @@ -/* crypto/evp/m_dss1.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "internal/cryptlib.h" - -#include <openssl/evp.h> -#include <openssl/objects.h> -#include <openssl/sha.h> -#ifndef OPENSSL_NO_DSA -# include <openssl/dsa.h> -#endif - -static int init(EVP_MD_CTX *ctx) -{ - return SHA1_Init(ctx->md_data); -} - -static int update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA1_Update(ctx->md_data, data, count); -} - -static int final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA1_Final(md, ctx->md_data); -} - -static const EVP_MD dss1_md = { - NID_dsa, - NID_dsaWithSHA1, - SHA_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_PKEY_DIGEST, - init, - update, - final, - NULL, - NULL, - EVP_PKEY_NULL_method, - SHA_CBLOCK, - sizeof(EVP_MD *) + sizeof(SHA_CTX), -}; - -const EVP_MD *EVP_dss1(void) -{ - return (&dss1_md); -} diff --git a/crypto/evp/m_ecdsa.c b/crypto/evp/m_ecdsa.c deleted file mode 100644 index 745752dd7c..0000000000 --- a/crypto/evp/m_ecdsa.c +++ /dev/null @@ -1,151 +0,0 @@ -/* crypto/evp/m_ecdsa.c */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "internal/cryptlib.h" -#include <openssl/evp.h> -#include <openssl/objects.h> -#include <openssl/sha.h> - -static int init(EVP_MD_CTX *ctx) -{ - return SHA1_Init(ctx->md_data); -} - -static int update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA1_Update(ctx->md_data, data, count); -} - -static int final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA1_Final(md, ctx->md_data); -} - -static const EVP_MD ecdsa_md = { - NID_ecdsa_with_SHA1, - NID_ecdsa_with_SHA1, - SHA_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_PKEY_DIGEST, - init, - update, - final, - NULL, - NULL, - EVP_PKEY_NULL_method, - SHA_CBLOCK, - sizeof(EVP_MD *) + sizeof(SHA_CTX), -}; - -const EVP_MD *EVP_ecdsa(void) -{ - return (&ecdsa_md); -} diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c index 2ef3023d16..80021b662b 100644 --- a/crypto/evp/m_md4.c +++ b/crypto/evp/m_md4.c @@ -94,7 +94,6 @@ static const EVP_MD md4_md = { final, NULL, NULL, - EVP_PKEY_RSA_method, MD4_CBLOCK, sizeof(EVP_MD *) + sizeof(MD4_CTX), }; diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c index cd021f55f4..4ada7d16ce 100644 --- a/crypto/evp/m_md5.c +++ b/crypto/evp/m_md5.c @@ -94,7 +94,6 @@ static const EVP_MD md5_md = { final, NULL, NULL, - EVP_PKEY_RSA_method, MD5_CBLOCK, sizeof(EVP_MD *) + sizeof(MD5_CTX), }; diff --git a/crypto/evp/m_md5_sha1.c b/crypto/evp/m_md5_sha1.c index 2504e95ff5..22cd7ce733 100644 --- a/crypto/evp/m_md5_sha1.c +++ b/crypto/evp/m_md5_sha1.c @@ -171,7 +171,6 @@ static const EVP_MD md5_sha1_md = { final, NULL, NULL, - EVP_PKEY_RSA_method, MD5_CBLOCK, sizeof(EVP_MD *) + sizeof(struct md5_sha1_ctx), ctrl diff --git a/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c index 272d9cb2e5..ffd1b0effa 100644 --- a/crypto/evp/m_mdc2.c +++ b/crypto/evp/m_mdc2.c @@ -94,7 +94,6 @@ static const EVP_MD mdc2_md = { final, NULL, NULL, - EVP_PKEY_RSA_ASN1_OCTET_STRING_method, MDC2_BLOCK, sizeof(EVP_MD *) + sizeof(MDC2_CTX), }; diff --git a/crypto/evp/m_null.c b/crypto/evp/m_null.c index 7374e697ab..c91f6cbd5a 100644 --- a/crypto/evp/m_null.c +++ b/crypto/evp/m_null.c @@ -87,7 +87,6 @@ static const EVP_MD null_md = { final, NULL, NULL, - EVP_PKEY_NULL_method, 0, sizeof(EVP_MD *), }; diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c index 30046c886f..f1c745c03e 100644 --- a/crypto/evp/m_ripemd.c +++ b/crypto/evp/m_ripemd.c @@ -94,7 +94,6 @@ static const EVP_MD ripemd160_md = { final, NULL, NULL, - EVP_PKEY_RSA_method, RIPEMD160_CBLOCK, sizeof(EVP_MD *) + sizeof(RIPEMD160_CTX), }; diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c index 42e986d878..c913cae86c 100644 --- a/crypto/evp/m_sha1.c +++ b/crypto/evp/m_sha1.c @@ -139,13 +139,12 @@ static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, SHA_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + EVP_MD_FLAG_DIGALGID_ABSENT, init, update, final, NULL, NULL, - EVP_PKEY_NULL_method, SHA_CBLOCK, sizeof(EVP_MD *) + sizeof(SHA_CTX), ctrl @@ -185,13 +184,12 @@ static const EVP_MD sha224_md = { NID_sha224, NID_sha224WithRSAEncryption, SHA224_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + EVP_MD_FLAG_DIGALGID_ABSENT, init224, update256, final256, NULL, NULL, - EVP_PKEY_NULL_method, SHA256_CBLOCK, sizeof(EVP_MD *) + sizeof(SHA256_CTX), }; @@ -205,13 +203,12 @@ static const EVP_MD sha256_md = { NID_sha256, NID_sha256WithRSAEncryption, SHA256_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + EVP_MD_FLAG_DIGALGID_ABSENT, init256, update256, final256, NULL, NULL, - EVP_PKEY_NULL_method, SHA256_CBLOCK, sizeof(EVP_MD *) + sizeof(SHA256_CTX), }; @@ -246,13 +243,12 @@ static const EVP_MD sha384_md = { NID_sha384, NID_sha384WithRSAEncryption, SHA384_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + EVP_MD_FLAG_DIGALGID_ABSENT, init384, update512, final512, NULL, NULL, - EVP_PKEY_NULL_method, SHA512_CBLOCK, sizeof(EVP_MD *) + sizeof(SHA512_CTX), }; @@ -266,13 +262,12 @@ static const EVP_MD sha512_md = { NID_sha512, NID_sha512WithRSAEncryption, SHA512_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + EVP_MD_FLAG_DIGALGID_ABSENT, init512, update512, final512, NULL, NULL, - EVP_PKEY_NULL_method, SHA512_CBLOCK, sizeof(EVP_MD *) + sizeof(SHA512_CTX), }; diff --git a/crypto/evp/m_wp.c b/crypto/evp/m_wp.c index 76258b6617..9ab3c62fe9 100644 --- a/crypto/evp/m_wp.c +++ b/crypto/evp/m_wp.c @@ -35,7 +35,6 @@ static const EVP_MD whirlpool_md = { final, NULL, NULL, - EVP_PKEY_NULL_method, WHIRLPOOL_BBLOCK / 8, sizeof(EVP_MD *) + sizeof(WHIRLPOOL_CTX), }; diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c index df507a5178..808d0de013 100644 --- a/crypto/evp/p_sign.c +++ b/crypto/evp/p_sign.c @@ -67,7 +67,8 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len = 0; - int i = 0, ok = 0, v = 0; + int i = 0; + size_t sltmp; EVP_PKEY_CTX *pkctx = NULL; *siglen = 0; @@ -86,43 +87,20 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, return 0; } - if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { - size_t sltmp = (size_t)EVP_PKEY_size(pkey); - i = 0; - pkctx = EVP_PKEY_CTX_new(pkey, NULL); - if (pkctx == NULL) - goto err; - if (EVP_PKEY_sign_init(pkctx) <= 0) - goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) - goto err; - if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) - goto err; - *siglen = sltmp; - i = 1; + sltmp = (size_t)EVP_PKEY_size(pkey); + i = 0; + pkctx = EVP_PKEY_CTX_new(pkey, NULL); + if (pkctx == NULL) + goto err; + if (EVP_PKEY_sign_init(pkctx) <= 0) + goto err; + if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) + goto err; + if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) + goto err; + *siglen = sltmp; + i = 1; err: EVP_PKEY_CTX_free(pkctx); return i; - } - - for (i = 0; i < 4; i++) { - v = ctx->digest->required_pkey_type[i]; - if (v == 0) - break; - if (pkey->type == v) { - ok = 1; - break; - } - } - if (!ok) { - EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE); - return (0); - } - - if (ctx->digest->sign == NULL) { - EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_NO_SIGN_FUNCTION_CONFIGURED); - return (0); - } - return ctx->digest->sign(ctx->digest->type, m, m_len, sigret, siglen, - pkey->pkey.ptr); } diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c index 892c646b36..9802dccbae 100644 --- a/crypto/evp/p_verify.c +++ b/crypto/evp/p_verify.c @@ -67,7 +67,7 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len = 0; - int i = 0, ok = 0, v = 0; + int i = 0; EVP_PKEY_CTX *pkctx = NULL; if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) { @@ -85,39 +85,16 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, return 0; } - if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { - i = -1; - pkctx = EVP_PKEY_CTX_new(pkey, NULL); - if (pkctx == NULL) - goto err; - if (EVP_PKEY_verify_init(pkctx) <= 0) - goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) - goto err; - i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); + i = -1; + pkctx = EVP_PKEY_CTX_new(pkey, NULL); + if (pkctx == NULL) + goto err; + if (EVP_PKEY_verify_init(pkctx) <= 0) + goto err; + if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) + goto err; + i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: - EVP_PKEY_CTX_free(pkctx); - return i; - } - - for (i = 0; i < 4; i++) { - v = ctx->digest->required_pkey_type[i]; - if (v == 0) - break; - if (pkey->type == v) { - ok = 1; - break; - } - } - if (!ok) { - EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE); - return (-1); - } - if (ctx->digest->verify == NULL) { - EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); - return (0); - } - - return (ctx->digest->verify(ctx->digest->type, m, m_len, - sigbuf, siglen, pkey->pkey.ptr)); + EVP_PKEY_CTX_free(pkctx); + return i; } diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index a2022bb6a2..8c8e0e86e4 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -377,20 +377,43 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, static int check_padding_md(const EVP_MD *md, int padding) { + int mdnid; if (!md) return 1; + mdnid = EVP_MD_type(md); + if (padding == RSA_NO_PADDING) { RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE); return 0; } if (padding == RSA_X931_PADDING) { - if (RSA_X931_hash_id(EVP_MD_type(md)) == -1) { + if (RSA_X931_hash_id(mdnid) == -1) { RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_X931_DIGEST); return 0; } - return 1; + } else { + switch(mdnid) { + /* List of all supported RSA digests */ + case NID_sha1: + case NID_sha224: + case NID_sha256: + case NID_sha384: + case NID_sha512: + case NID_md5: + case NID_md5_sha1: + case NID_md2: + case NID_md4: + case NID_mdc2: + case NID_ripemd160: + return 1; + + default: + RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_DIGEST); + return 0; + + } } return 1; |