From: Dr. David von Oheimb Date: Thu, 14 May 2020 19:09:49 +0000 (+0200) Subject: Add libctx and propq param to ASN.1 sign/verify/HMAC/decrypt X-Git-Tag: openssl-3.0.0-alpha7~534 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ded346fad2f2c86bc13ac3beaf5e00e969f04442;p=thirdparty%2Fopenssl.git Add libctx and propq param to ASN.1 sign/verify/HMAC/decrypt Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11808)
---
diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c
index 300f30aa71f..04edd1b28ce 100644
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -115,40 +115,50 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, #endif -int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, - X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn, - EVP_PKEY *pkey, const EVP_MD *type) +int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, + ASN1_BIT_STRING *signature, const void *data, + EVP_PKEY *pkey, const EVP_MD *md) { - int rv; - EVP_MD_CTX *ctx = EVP_MD_CTX_new(); + return ASN1_item_sign_with_libctx(it, algor1, algor2, signature, data, NULL, + pkey, md, NULL, NULL); +} + +int ASN1_item_sign_with_libctx(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + const void *data, const ASN1_OCTET_STRING *id, + EVP_PKEY *pkey, const EVP_MD *md, + OPENSSL_CTX *libctx, const char *propq) +{ + int rv = 0; + EVP_MD_CTX *ctx = evp_md_ctx_new_with_libctx(pkey, id, libctx, propq); if (ctx == NULL) { - ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE); - return 0; - } - if (!EVP_DigestSignInit(ctx, NULL, type, NULL, pkey)) { - EVP_MD_CTX_free(ctx); + ASN1err(0, ERR_R_MALLOC_FAILURE); return 0; } + if (!EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)) + goto err; - rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx); + rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, data, ctx); + err: + EVP_PKEY_CTX_free(EVP_MD_CTX_pkey_ctx(ctx)); EVP_MD_CTX_free(ctx); return rv; } -int ASN1_item_sign_ctx(const ASN1_ITEM *it, - X509_ALGOR *algor1, X509_ALGOR *algor2, - ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx) +int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + const void *data, EVP_MD_CTX *ctx) { - const EVP_MD *type; + const EVP_MD *md; EVP_PKEY *pkey; unsigned char *buf_in = NULL, *buf_out = NULL; size_t inl = 0, outl = 0, outll = 0; int signid, paramtype, buf_len = 0; int rv, pkey_id; - type = EVP_MD_CTX_md(ctx); + md = EVP_MD_CTX_md(ctx); pkey = 
EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)); if (pkey == NULL) { @@ -202,7 +212,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, rv = 3; } else if (pkey->ameth->item_sign) { - rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, signature); + rv = pkey->ameth->item_sign(ctx, it, data, algor1, algor2, signature); if (rv == 1) outl = signature->length; /*- @@ -221,7 +231,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, } if (rv == 2) { - if (type == NULL) { + if (md == NULL) { ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); goto err; } @@ -232,7 +242,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, #endif pkey->ameth->pkey_id; - if (!OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type), pkey_id)) { + if (!OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(md), pkey_id)) { ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); goto err; @@ -250,7 +260,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, } - buf_len = ASN1_item_i2d(asn, &buf_in, it); + buf_len = ASN1_item_i2d(data, &buf_in, it); if (buf_len <= 0) { outl = 0; ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_INTERNAL_ERROR); diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index eb024e79c0d..2b2c46a8543 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c 
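Review bot: In `ASN1_item_sign_with_libctx` (first a_sign.c hunk) the `ctx == NULL` branch queues `ERR_R_MALLOC_FAILURE` a second time, although `evp_md_ctx_new_with_libctx` (added to crypto/evp/digest.c by this commit) already raises an error on every path that returns NULL. The error queue then carries a duplicate entry that names an allocation failure even when the helper gave up while setting the distinguishing id. `ASN1_item_verify_with_libctx` in a_verify.c adds nothing in the same situation, so the sign path can match it with `if (ctx == NULL) return 0;`. A comment at the `err:` label would also help the next reader: `/* the pkey ctx was attached with EVP_MD_CTX_set_pkey_ctx(), so it is released here explicitly */`.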
@@ -85,30 +85,33 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, #endif -int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, - ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) +int ASN1_item_verify(const ASN1_ITEM *it, const X509_ALGOR *alg, + const ASN1_BIT_STRING *signature, const void *data, + EVP_PKEY *pkey) { + return ASN1_item_verify_with_libctx(it, alg, signature, data, NULL, pkey, + NULL, NULL); +} + +int ASN1_item_verify_with_libctx(const ASN1_ITEM *it, const X509_ALGOR *alg, + const ASN1_BIT_STRING *signature, + const void *data, + const ASN1_OCTET_STRING *id, EVP_PKEY *pkey, + OPENSSL_CTX *libctx, const char *propq) +{ + EVP_MD_CTX *ctx; int rv = -1; - EVP_MD_CTX *ctx = EVP_MD_CTX_new(); - EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL); - if (ctx == NULL || pctx == NULL) { - ASN1err(0, ERR_R_MALLOC_FAILURE); - goto err; + if ((ctx = evp_md_ctx_new_with_libctx(pkey, id, libctx, propq)) != NULL) { + rv = ASN1_item_verify_ctx(it, alg, signature, data, ctx); + EVP_PKEY_CTX_free(EVP_MD_CTX_pkey_ctx(ctx)); + EVP_MD_CTX_free(ctx); } - - EVP_MD_CTX_set_pkey_ctx(ctx, pctx); - - rv = ASN1_item_verify_ctx(it, a, signature, asn, ctx); - - err: - EVP_PKEY_CTX_free(pctx); - EVP_MD_CTX_free(ctx); return rv; } -int ASN1_item_verify_ctx(const ASN1_ITEM *it, X509_ALGOR *a, - ASN1_BIT_STRING *signature, void *asn, +int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg, + const ASN1_BIT_STRING *signature, const void *data, EVP_MD_CTX *ctx) { EVP_PKEY *pkey; @@ -130,7 +133,7 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, X509_ALGOR *a, } /* Convert signature OID into digest and public key OIDs */ - if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { + if (!OBJ_find_sigid_algs(OBJ_obj2nid(alg->algorithm), &mdnid, &pknid)) { ASN1err(0, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); goto err; } 
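Review bot: The new public `ASN1_item_verify_with_libctx` (first a_verify.c hunk) has no comment stating its result, and it starts from `rv = -1`, which is what the caller receives when the digest context cannot be created. A caller that tests the result for truth would read that -1 as a valid signature, so the contract deserves a line above the definition, e.g. `/* Returns 1 if the signature is valid; any value <= 0, including -1 when no context could be set up, must be treated as failure */`. The same comment can say that `id` is optional (the wrapper `ASN1_item_verify` passes NULL) and is handed to `EVP_PKEY_CTX_set1_id` by the helper. util/missingcrypto.txt in this commit lists both `_with_libctx` functions, so there is no manual page to fall back on yet.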
@@ -140,7 +143,7 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, X509_ALGOR *a, ASN1err(0, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); goto err; } - ret = pkey->ameth->item_verify(ctx, it, asn, a, signature, pkey); + ret = pkey->ameth->item_verify(ctx, it, data, alg, signature, pkey); /* * Return values meaning: * <=0: error. @@ -172,7 +175,7 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, X509_ALGOR *a, } } - inl = ASN1_item_i2d(asn, &buf_in, it); + inl = ASN1_item_i2d(data, &buf_in, it); if (inl <= 0) { ASN1err(0, ERR_R_INTERNAL_ERROR); goto err; diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index 32074c460ea..e473112d0bf 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -361,13 +361,13 @@ void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, - void *asn, - X509_ALGOR *a, - ASN1_BIT_STRING *sig, + const void *data, + const X509_ALGOR *a, + const ASN1_BIT_STRING *sig, EVP_PKEY *pkey), int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, - void *asn, + const void *data, X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig)) diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index 96878e2a46a..6a599bc067c 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index 8b63e6918dd..75693e35f7c 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c 
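Review bot: The crypto/asn1/ameth_lib.c hunk changes the `item_verify` and `item_sign` callback prototypes accepted by the public `EVP_PKEY_asn1_set_item` (`const void *data`, `const X509_ALGOR *a`, `const ASN1_BIT_STRING *sig`), so an out-of-tree ASN.1 method written against the old non-const prototypes no longer has a matching function-pointer type. The in-tree methods in ecx_meth.c and rsa_ameth.c are updated by this commit, and the same prototypes are repeated in include/crypto/asn1.h and include/openssl/evp.h. Nothing in the diff records the change for users of the setter; a CHANGES entry naming `EVP_PKEY_asn1_set_item` would cover all three places.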
@@ -570,9 +570,9 @@ static int ecd_size448(const EVP_PKEY *pkey) return ED448_SIGSIZE; } -static int ecd_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, - X509_ALGOR *sigalg, ASN1_BIT_STRING *str, - EVP_PKEY *pkey) +static int ecd_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, + const void *asn, const X509_ALGOR *sigalg, + const ASN1_BIT_STRING *str, EVP_PKEY *pkey) { const ASN1_OBJECT *obj; int ptype; @@ -592,7 +592,8 @@ static int ecd_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, return 2; } -static int ecd_item_sign25519(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, +static int ecd_item_sign25519(EVP_MD_CTX *ctx, const ASN1_ITEM *it, + const void *asn, X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *str) { @@ -612,7 +613,8 @@ static int ecd_sig_info_set25519(X509_SIG_INFO *siginf, const X509_ALGOR *alg, return 1; } -static int ecd_item_sign448(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, +static int ecd_item_sign448(EVP_MD_CTX *ctx, const ASN1_ITEM *it, + const void *asn, X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *str) { diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index e83f1013ecb..892501045b0 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -40,7 +40,6 @@ ASN1_F_ASN1_ITEM_FLAGS_I2D:118:asn1_item_flags_i2d ASN1_F_ASN1_ITEM_I2D_BIO:192:ASN1_item_i2d_bio ASN1_F_ASN1_ITEM_I2D_FP:193:ASN1_item_i2d_fp ASN1_F_ASN1_ITEM_PACK:198:ASN1_item_pack -ASN1_F_ASN1_ITEM_SIGN:195:ASN1_item_sign ASN1_F_ASN1_ITEM_SIGN_CTX:220:ASN1_item_sign_ctx ASN1_F_ASN1_ITEM_UNPACK:199:ASN1_item_unpack ASN1_F_ASN1_ITEM_VERIFY:197:ASN1_item_verify diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 7476efd9bc3..7caab8a5f78 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #include #include 
@@ -73,6 +74,37 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) return 1; } +#ifndef FIPS_MODULE +EVP_MD_CTX *evp_md_ctx_new_with_libctx(EVP_PKEY *pkey, + const ASN1_OCTET_STRING *id, + OPENSSL_CTX *libctx, const char *propq) +{ + EVP_MD_CTX *ctx; + EVP_PKEY_CTX *pctx = NULL; + + if ((ctx = EVP_MD_CTX_new()) == NULL + || (pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq)) == NULL) { + ASN1err(0, ERR_R_MALLOC_FAILURE); + goto err; + } + +# ifndef OPENSSL_NO_EC + if (id != NULL && EVP_PKEY_CTX_set1_id(pctx, id->data, id->length) <= 0) { + ASN1err(0, ERR_R_MALLOC_FAILURE); + goto err; + } +# endif + + EVP_MD_CTX_set_pkey_ctx(ctx, pctx); + return ctx; + + err: + EVP_PKEY_CTX_free(pctx); + EVP_MD_CTX_free(ctx); + return NULL; +} +#endif + EVP_MD_CTX *EVP_MD_CTX_new(void) { return OPENSSL_zalloc(sizeof(EVP_MD_CTX)); diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 749cd8764be..130f6156c5d 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -696,7 +696,7 @@ static ASN1_STRING *rsa_ctx_to_pss_string(EVP_PKEY_CTX *pkctx) */ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, - X509_ALGOR *sigalg, EVP_PKEY *pkey) + const X509_ALGOR *sigalg, EVP_PKEY *pkey) { int rv = -1; int saltlen; @@ -876,9 +876,9 @@ static int rsa_cms_verify(CMS_SignerInfo *si) * is encountered requiring special handling. We currently only handle PSS. */ -static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, - X509_ALGOR *sigalg, ASN1_BIT_STRING *sig, - EVP_PKEY *pkey) +static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, + const void *asn, const X509_ALGOR *sigalg, + const ASN1_BIT_STRING *sig, EVP_PKEY *pkey) { /* Sanity check: make sure it is PSS */ if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) { 
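Review bot: `evp_md_ctx_new_with_libctx` (crypto/evp/digest.c hunk) reports every failure as `ERR_R_MALLOC_FAILURE`, including a non-positive return from `EVP_PKEY_CTX_set1_id` and a NULL from `EVP_PKEY_CTX_new_from_pkey`, which presumably can also fail for reasons other than memory, such as a NULL or unsupported key. Someone diagnosing a rejected certificate or request is then pointed at memory exhaustion instead of the key or the id. The id branch could raise `ASN1err(0, ERR_R_EVP_LIB);` instead, and the first check could be split so that only `EVP_MD_CTX_new()` returning NULL is labelled as an allocation failure. The helper sits in the EVP code yet raises its errors through `ASN1err`; if that is deliberate, a one-line comment saying so would help. With `OPENSSL_NO_EC` defined a non-NULL `id` is ignored without any error, which also deserves a comment at the `# ifndef`.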
@@ -920,7 +920,7 @@ static int rsa_cms_sign(CMS_SignerInfo *si) } #endif -static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, +static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *asn, X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig) { diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index 12a666884b5..a8ad292074e 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c 
@@ -27,76 +27,23 @@ #include "crypto/pkcs7.h" #include "crypto/x509.h" -static void clean_id_ctx(EVP_MD_CTX *ctx) -{ - EVP_PKEY_CTX *pctx = EVP_MD_CTX_pkey_ctx(ctx); - - EVP_PKEY_CTX_free(pctx); - EVP_MD_CTX_free(ctx); -} - -static EVP_MD_CTX *make_id_ctx(EVP_PKEY *r, ASN1_OCTET_STRING *id, - OPENSSL_CTX *libctx, const char *propq) -{ - EVP_MD_CTX *ctx = NULL; - EVP_PKEY_CTX *pctx = NULL; - - if ((ctx = EVP_MD_CTX_new()) == NULL - || (pctx = EVP_PKEY_CTX_new_from_pkey(libctx, r, propq)) == NULL) { - X509err(0, ERR_R_MALLOC_FAILURE); - goto error; - } - -#ifndef OPENSSL_NO_EC - if (id != NULL) { - if (EVP_PKEY_CTX_set1_id(pctx, id->data, id->length) <= 0) { - X509err(0, ERR_R_MALLOC_FAILURE); - goto error; - } - } -#endif - - EVP_MD_CTX_set_pkey_ctx(ctx, pctx); - - return ctx; - error: - EVP_PKEY_CTX_free(pctx); - EVP_MD_CTX_free(ctx); - return NULL; -} - int X509_verify(X509 *a, EVP_PKEY *r) { - int rv = 0; - EVP_MD_CTX *ctx = NULL; - ASN1_OCTET_STRING *id = NULL; - if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature)) return 0; - id = a->distinguishing_id; - if ((ctx = make_id_ctx(r, id, a->libctx, a->propq)) != NULL) { - rv = ASN1_item_verify_ctx(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg, - &a->signature, &a->cert_info, ctx); - clean_id_ctx(ctx); - } - return rv; + return ASN1_item_verify_with_libctx(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg, + &a->signature, &a->cert_info, + a->distinguishing_id, r, + a->libctx, a->propq); } int X509_REQ_verify_with_libctx(X509_REQ *a, EVP_PKEY *r, OPENSSL_CTX *libctx, const char *propq) { - int rv = 0; - EVP_MD_CTX *ctx = NULL; - ASN1_OCTET_STRING *id = NULL; - - id = a->distinguishing_id; - if ((ctx = make_id_ctx(r, id, libctx, propq)) != NULL) { - rv = ASN1_item_verify_ctx(ASN1_ITEM_rptr(X509_REQ_INFO), &a->sig_alg, - a->signature, &a->req_info, ctx); - clean_id_ctx(ctx); - } - return rv; + return ASN1_item_verify_with_libctx(ASN1_ITEM_rptr(X509_REQ_INFO), + &a->sig_alg, a->signature, &a->req_info, + a->distinguishing_id, r, 
libctx, propq); } int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r) diff --git a/include/crypto/asn1.h b/include/crypto/asn1.h index d3683649bc1..68672d1a02c 100644 --- a/include/crypto/asn1.h +++ b/include/crypto/asn1.h @@ -49,9 +49,10 @@ struct evp_pkey_asn1_method_st { const unsigned char **pder, int derlen); int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder); /* Custom ASN1 signature verification */ - int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, - X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey); - int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, + int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *data, + const X509_ALGOR *a, const ASN1_BIT_STRING *sig, + EVP_PKEY *pkey); + int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *data, X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig); int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg, diff --git a/include/crypto/evp.h b/include/crypto/evp.h index d2b2584357e..512b4d6f48c 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -769,6 +769,9 @@ int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); EVP_PKEY *evp_pkcs82pkey_int(const PKCS8_PRIV_KEY_INFO *p8, OPENSSL_CTX *libctx, const char *propq); +EVP_MD_CTX *evp_md_ctx_new_with_libctx(EVP_PKEY *pkey, + const ASN1_OCTET_STRING *id, + OPENSSL_CTX *libctx, const char *propq); #endif /* !defined(FIPS_MODULE) */ void evp_method_store_flush(OPENSSL_CTX *libctx); int evp_set_default_properties_int(OPENSSL_CTX *libctx, const char *propq, diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index a62d4d77554..b47e8e823e2 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h 
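Review bot: `X509_verify` and `X509_REQ_verify_with_libctx` (crypto/x509/x_all.c hunk) now return -1 instead of 0 when the digest context cannot be created: the removed bodies initialised `rv = 0`, while `ASN1_item_verify_with_libctx` (a_verify.c in this commit) starts from `rv = -1`. A call site that treats the result as a boolean would accept -1 as a successful verification, so callers need to compare with `== 1` or `<= 0`; the call sites are outside this diff and should be checked. The old code already passed through whatever `ASN1_item_verify_ctx` returned, so only the context-creation failure path changes value. If the change is intended, it belongs in the commit message, e.g. `X509_verify() now returns -1, not 0, if the verification context cannot be set up`.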
@@ -678,6 +678,16 @@ void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, const void *x); CHECKED_PTR_OF(const type, x))) void *ASN1_item_dup(const ASN1_ITEM *it, const void *x); +int ASN1_item_sign_with_libctx(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + const void *data, const ASN1_OCTET_STRING *id, + EVP_PKEY *pkey, const EVP_MD *md, + OPENSSL_CTX *libctx, const char *propq); +int ASN1_item_verify_with_libctx(const ASN1_ITEM *it, const X509_ALGOR *alg, + const ASN1_BIT_STRING *signature, + const void *data, + const ASN1_OCTET_STRING *id, EVP_PKEY *pkey, + OPENSSL_CTX *libctx, const char *propq); /* ASN1 alloc/free macros for when a type is only used internally */ diff --git a/include/openssl/asn1err.h b/include/openssl/asn1err.h index 3247e0f445e..f610d8816d4 100644 --- a/include/openssl/asn1err.h +++ b/include/openssl/asn1err.h @@ -59,7 +59,6 @@ int ERR_load_ASN1_strings(void); # define ASN1_F_ASN1_ITEM_I2D_BIO 0 # define ASN1_F_ASN1_ITEM_I2D_FP 0 # define ASN1_F_ASN1_ITEM_PACK 0 -# define ASN1_F_ASN1_ITEM_SIGN 0 # define ASN1_F_ASN1_ITEM_SIGN_CTX 0 # define ASN1_F_ASN1_ITEM_UNPACK 0 # define ASN1_F_ASN1_ITEM_VERIFY 0 diff --git a/include/openssl/evp.h b/include/openssl/evp.h index f1dc6204bc5..62015a7b1bb 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1446,13 +1446,13 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, - void *asn, - X509_ALGOR *a, - ASN1_BIT_STRING *sig, + const void *data, + const X509_ALGOR *a, + const ASN1_BIT_STRING *sig, EVP_PKEY *pkey), int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, - void *asn, + const void *data, X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig)); diff --git a/include/openssl/x509.h b/include/openssl/x509.h index c373fc98450..9aef28c954b 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h 
@@ -621,33 +621,30 @@ X509_INFO *X509_INFO_new(void); void X509_INFO_free(X509_INFO *a); char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); +/* TODO move this block of decls to asn1.h when 'breaking change' is possible */ DEPRECATEDIN_3_0(int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1, ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey)) - DEPRECATEDIN_3_0(int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, unsigned char *md, unsigned int *len)) - DEPRECATEDIN_3_0(int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, const EVP_MD *type)) - int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data, unsigned char *md, unsigned int *len); - -int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1, - ASN1_BIT_STRING *signature, void *data, EVP_PKEY *pkey); -int ASN1_item_verify_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, - ASN1_BIT_STRING *signature, void *data, +int ASN1_item_verify(const ASN1_ITEM *it, const X509_ALGOR *alg, + const ASN1_BIT_STRING *signature, const void *data, + EVP_PKEY *pkey); +int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg, + const ASN1_BIT_STRING *signature, const void *data, EVP_MD_CTX *ctx); - -int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, - X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data, - EVP_PKEY *pkey, const EVP_MD *type); +int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, + ASN1_BIT_STRING *signature, const void *data, + EVP_PKEY *pkey, const EVP_MD *md); int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, - void *asn, EVP_MD_CTX *ctx); + const void *data, EVP_MD_CTX *ctx); long X509_get_version(const X509 *x); int X509_set_version(X509 *x, long version); diff --git a/util/libcrypto.num b/util/libcrypto.num index a9b914839a5..19a9b4c9d3e 100644 --- a/util/libcrypto.num 
+++ b/util/libcrypto.num @@ -4926,6 +4926,8 @@ PKCS8_pkey_add1_attr_by_OBJ ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_private_check ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_pairwise_check ? 3_0_0 EXIST::FUNCTION: ASN1_item_verify_ctx ? 3_0_0 EXIST::FUNCTION: +ASN1_item_sign_with_libctx ? 3_0_0 EXIST::FUNCTION: +ASN1_item_verify_with_libctx ? 3_0_0 EXIST::FUNCTION: RAND_DRBG_set_callback_data ? 3_0_0 NOEXIST::FUNCTION: RAND_DRBG_get_callback_data ? 3_0_0 NOEXIST::FUNCTION: BIO_socket_wait ? 3_0_0 EXIST::FUNCTION:SOCK diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index 3aa3b5065b5..97208d364e6 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -156,9 +156,11 @@ ASN1_item_pack(3) ASN1_item_print(3) ASN1_item_sign(3) ASN1_item_sign_ctx(3) +ASN1_item_sign_with_libctx(3) ASN1_item_unpack(3) ASN1_item_verify(3) ASN1_item_verify_ctx(3) +ASN1_item_verify_with_libctx(3) ASN1_mbstring_copy(3) ASN1_mbstring_ncopy(3) ASN1_object_size(3)