git.ipfire.org Git - thirdparty/openssl.git/commit

author	Richard Levitte <levitte@openssl.org>
	Thu, 18 Jan 2024 14:27:34 +0000 (15:27 +0100)
committer	Richard Levitte <levitte@openssl.org>
	Wed, 21 Aug 2024 06:21:06 +0000 (08:21 +0200)
commit	e675aabb8747d0f2da5691945f1a429558ebc34d
tree	e7a7b724b7cb8bf437ace58d5803873833830ff4	tree
parent	1985ba60bba272d5780c498461f2b1171f10aa21	commit \| diff

Implement functionality for direct use of composite signature algorithms

The following API groups are extended with a new init function, as well
as an update and final function, to allow the use of explicitly fetched
signature implementations for any composite signature algorithm, like
"sha1WithRSAEncryption":

- EVP_PKEY_sign
- EVP_PKEY_verify
- EVP_PKEY_verify_recover

To support this, providers are required to add a few new functions, not
the least one that declares what key types an signature implementation
supports.

While at this, the validity check in evp_signature_from_algorithm() is
also refactored; the SIGNATURE provider functionality is too complex for
counters. It's better, or at least more readable, to check function
combinations.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23416)

crypto/err/openssl.txt		diff \| blob \| blame \| history
crypto/evp/evp_err.c		diff \| blob \| blame \| history
crypto/evp/evp_local.h		diff \| blob \| blame \| history
crypto/evp/signature.c		diff \| blob \| blame \| history
doc/man3/EVP_PKEY_sign.pod		diff \| blob \| blame \| history
doc/man3/EVP_PKEY_verify.pod		diff \| blob \| blame \| history
doc/man3/EVP_PKEY_verify_recover.pod		diff \| blob \| blame \| history
include/openssl/core_dispatch.h		diff \| blob \| blame \| history
include/openssl/evp.h		diff \| blob \| blame \| history
include/openssl/evperr.h		diff \| blob \| blame \| history
util/libcrypto.num		diff \| blob \| blame \| history
util/perl/OpenSSL/paramnames.pm		diff \| blob \| blame \| history