From dfcb5d29b525f5d2b6bd80602dca5efe5fca77bb Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Fri, 30 Aug 2019 13:33:10 +0100
Subject: Add the ability to perform signatures in a provider

This makes EVP_PKEY_sign and EVP_PKEY_sign_init provider aware. It also introduces the new type EVP_SIGNATURE to represent signature algorithms.

This also automatically makes the EVP_Sign* APIs provider aware because they use EVP_Digest* (which is already provider aware) and EVP_PKEY_sign(_init) under the covers.

At this stage there are no signature algorithms in any providers. That will come in the following commits.

Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/9753)
---
 include/openssl/core_numbers.h | 20 +++++++++++++++++++-
 include/openssl/evp.h | 7 +++++++
 include/openssl/ossl_typ.h | 2 ++
 3 files changed, 28 insertions(+), 1 deletion(-)
 (limited to 'include')

diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h
index 521cd8c800..61ec1537b6 100644
--- a/include/openssl/core_numbers.h
+++ b/include/openssl/core_numbers.h
@@ -156,8 +156,9 @@ OSSL_CORE_MAKE_FUNC(const OSSL_ITEM *,provider_get_reason_strings,
 # define OSSL_OP_KDF 4
 # define OSSL_OP_KEYMGMT 10
 # define OSSL_OP_KEYEXCH 11
+# define OSSL_OP_SIGNATURE 12
 /* Highest known operation number */
-# define OSSL_OP__HIGHEST 11
+# define OSSL_OP__HIGHEST 12
 /* Digests */
@@ -400,6 +401,23 @@ OSSL_CORE_MAKE_FUNC(void *, OP_keyexch_dupctx, (void *ctx))
 OSSL_CORE_MAKE_FUNC(int, OP_keyexch_set_params, (void *ctx, const OSSL_PARAM params[]))
+/* Signature */
+
+# define OSSL_FUNC_SIGNATURE_NEWCTX 1
+# define OSSL_FUNC_SIGNATURE_SIGN_INIT 2
+# define OSSL_FUNC_SIGNATURE_SIGN 3
+# define OSSL_FUNC_SIGNATURE_FREECTX 4
+# define OSSL_FUNC_SIGNATURE_DUPCTX 5
+
+OSSL_CORE_MAKE_FUNC(void *, OP_signature_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_sign_init, (void *ctx, void *provkey))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_sign, (void *ctx, unsigned char *sig,
+ size_t *siglen, size_t sigsize,
+ const unsigned char *tbs,
+ size_t tbslen))
+OSSL_CORE_MAKE_FUNC(void, OP_signature_freectx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(void *, OP_signature_dupctx, (void *ctx))
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index d1bd0b69d0..b09547a8b0 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1470,6 +1470,13 @@ EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx);
 void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
 void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
+void EVP_SIGNATURE_free(EVP_SIGNATURE *signature);
+int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature);
+OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature);
+EVP_SIGNATURE *EVP_SIGNATURE_fetch(OPENSSL_CTX *ctx, const char *algorithm,
+ const char *properties);
+
+int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature);
 int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h
index 7eec053bee..530de2d20c 100644
--- a/include/openssl/ossl_typ.h
+++ b/include/openssl/ossl_typ.h
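Review bot: The new OP_signature_sign entry point takes both `size_t *siglen` and `size_t sigsize`, but nothing in the header states the buffer contract, so a provider author cannot tell whether a NULL `sig` is a size query, whether `sigsize` is the capacity of `sig` that must never be exceeded, or what `*siglen` holds on failure. This is the boundary where provider code writes into caller-owned memory, so I would document it next to the declaration, e.g. `/* sig == NULL: store the required length in *siglen and return 1; otherwise sigsize is the capacity of sig and the call must fail rather than write past it */`. I also note there is no set_params counterpart to the OP_keyexch_set_params declaration shown in the context lines above; if that is intended for a later commit, a one-line comment saying so would save readers from assuming the signature operation is parameterless by design.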
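Review bot: EVP_PKEY_sign_init_ex takes an `EVP_SIGNATURE *`, but the header does not say whether the context takes its own reference (EVP_SIGNATURE_up_ref is declared right above) or merely borrows the caller's pointer, so a caller cannot tell whether calling EVP_SIGNATURE_free immediately after the init is safe or leaves a dangling pointer for the later EVP_PKEY_sign. The same goes for EVP_SIGNATURE_fetch: the declarations should state that the returned object is owned by the caller and released with EVP_SIGNATURE_free, and whether passing NULL as `signature` to the _ex function is permitted. I would add a short comment block above these declarations covering ownership of the fetched object and the reference behaviour of EVP_PKEY_sign_init_ex; the implementation is not part of this diff, so the exact behaviour needs confirming against the corresponding .c change before wording it.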
@@ -108,6 +108,8 @@ typedef struct evp_kdf_ctx_st EVP_KDF_CTX;
 typedef struct evp_keyexch_st EVP_KEYEXCH;
+typedef struct evp_signature_st EVP_SIGNATURE;
+
 typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
 typedef struct hmac_ctx_st HMAC_CTX;
-- 
cgit v1.2.3