New functions for enchanced digest sign/verify.
authorDr. Stephen Henson <steve@openssl.org>
Wed, 24 May 2006 17:30:09 +0000 (17:30 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 24 May 2006 17:30:09 +0000 (17:30 +0000)
CHANGES
crypto/evp/Makefile
crypto/evp/evp.h
crypto/evp/m_sigver.c [new file with mode: 0644]
util/libeay.num

diff --git a/CHANGES b/CHANGES
index cb5f1613126bc88b2876bbbccd7350dfccfa785e..a75283284755feb5be3455ec81ee7d73ffa967c1 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 0.9.8b and 0.9.9  [xx XXX xxxx]
 
+  *) New functions EVP_Digest{Sign,Verify)*. These are enchance versions of
+     EVP_{Sign,Verify}* which allow an application to customise the signature
+     process.
+     [Steve Henson]
+
   *) New -resign option to smime utility. This adds one or more signers
      to an existing PKCS#7 signedData structure. Also -md option to use an
      alternative message digest algorithm for signing.
index 9530556fd7300ab28b76b87465d4cd5413f42a16..850ab85fef97af778127d3bfdb31f85748a0279b 100644 (file)
@@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
        bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
        c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
        evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
-       e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c
+       e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c
 
 LIBOBJ=        encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
        e_des.o e_bf.o e_idea.o e_des3.o \
@@ -40,7 +40,7 @@ LIBOBJ=       encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
        bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
        c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
        evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
-       e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o
+       e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o
 
 SRC= $(LIBSRC)
 
index d76d135abf92934cf1d42cbadfa844bdefbe483c..7af4860b9318aee92df4a9af5f042cab9ac22538 100644 (file)
@@ -452,6 +452,8 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 #define        EVP_VerifyUpdate(a,b,c)         EVP_DigestUpdate(a,b,c)
 #define EVP_OpenUpdate(a,b,c,d,e)      EVP_DecryptUpdate(a,b,c,d,e)
 #define EVP_SealUpdate(a,b,c,d,e)      EVP_EncryptUpdate(a,b,c,d,e)    
+#define EVP_SignDigestUpdate(a,b,c)    EVP_DigestUpdate(a,b,c)
+#define EVP_VerifyDigestUpdate(a,b,c)  EVP_DigestUpdate(a,b,c)
 
 #ifdef CONST_STRICT
 void BIO_set_md(BIO *,const EVP_MD *md);
@@ -536,6 +538,16 @@ int        EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
 int    EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf,
                unsigned int siglen,EVP_PKEY *pkey);
 
+int    EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                       const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+int    EVP_DigestSignFinal(EVP_MD_CTX *ctx,
+                       unsigned char *sigret, size_t *siglen);
+
+int    EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                       const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+int    EVP_DigestVerifyFinal(EVP_MD_CTX *ctx,
+                       unsigned char *sig, size_t siglen);
+
 int    EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
                const unsigned char *ek, int ekl, const unsigned char *iv,
                EVP_PKEY *priv);
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
new file mode 100644 (file)
index 0000000..9538211
--- /dev/null
@@ -0,0 +1,142 @@
+/* m_sigver.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                       const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey, int ver)
+       {
+       if (!EVP_DigestInit_ex(ctx, type, e))
+               return 0;
+       if (ctx->pctx == NULL)
+               ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
+       if (ctx->pctx == NULL)
+               return 0;
+       if (ver)
+               {
+               if (EVP_PKEY_verify_init(ctx->pctx) <= 0)
+                       return 0;
+               }
+       else
+               {
+               if (EVP_PKEY_sign_init(ctx->pctx) <= 0)
+                       return 0;
+               }
+       if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0)
+               return 0;
+       if (pctx)
+               *pctx = ctx->pctx;
+       return 1;
+       }
+
+int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                       const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
+       {
+       return do_sigver_init(ctx, pctx, type, e, pkey, 0);
+       }
+
+int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                       const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
+       {
+       return do_sigver_init(ctx, pctx, type, e, pkey, 1);
+       }
+
+
+int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
+       {
+
+       if (sigret)
+               {
+               MS_STATIC EVP_MD_CTX tmp_ctx;
+               unsigned char md[EVP_MAX_MD_SIZE];
+               unsigned int mdlen;
+               EVP_MD_CTX_init(&tmp_ctx);
+               if (!EVP_MD_CTX_copy_ex(&tmp_ctx,ctx))
+                       return 0;       
+               if (!EVP_DigestFinal_ex(&tmp_ctx,md,&mdlen))
+                       return 0;
+               EVP_MD_CTX_cleanup(&tmp_ctx);
+               if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0)
+                       return 0;
+               }
+       else
+               {
+               if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, NULL,
+                                               EVP_MD_size(ctx->digest)) <= 0)
+                       return 0;
+               }
+       return 1;
+       }
+
+int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen)
+       {
+       MS_STATIC EVP_MD_CTX tmp_ctx;
+       unsigned char md[EVP_MAX_MD_SIZE];
+       unsigned int mdlen;
+       EVP_MD_CTX_init(&tmp_ctx);
+       if (!EVP_MD_CTX_copy_ex(&tmp_ctx,ctx))
+               return -1;      
+       if (!EVP_DigestFinal_ex(&tmp_ctx,md,&mdlen))
+               return -1;
+       EVP_MD_CTX_cleanup(&tmp_ctx);
+       return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen);
+       }
index 9f1fb575fd63db36b79e4d8602143e240b446449..1ea9177ba9c2010744c0cea3020906d838409049 100755 (executable)
@@ -3703,3 +3703,7 @@ EVP_PBE_find                            4098      EXIST::FUNCTION:
 PKCS7_add1_attrib_digest                4099   EXIST::FUNCTION:
 EVP_PBE_alg_add_type                    4100   EXIST::FUNCTION:
 PKCS7_add_attrib_content_type           4101   EXIST::FUNCTION:
+EVP_DigestSignInit                      4102   EXIST::FUNCTION:
+EVP_DigestVerifyFinal                   4103   EXIST::FUNCTION:
+EVP_DigestVerifyInit                    4104   EXIST::FUNCTION:
+EVP_DigestSignFinal                     4105   EXIST::FUNCTION: