generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

add support for DSA with SHA2

Browse Source
This commit is contained in:
Nils Larsch 2007-02-03 14:41:12 +00:00
parent 0501f02b06
commit 357d5de5b9
16 changed files with 270 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES
View File

@ -4,6 +4,11 @@
Changes between 0.9.8e and 0.9.9 [xx XXX xxxx]
*) Add support for dsa-with-SHA224 and dsa-with-SHA256.
Use the leftmost N bytes of the signature input if the input is
larger than the prime q (with N being the size in bytes of q).
[Nils Larsch]
*) Very *very* experimental PKCS#7 streaming encoder support. Nothing uses
it yet and it is largely untested.
[Steve Henson]

2
crypto/dsa/Makefile
View File

@ -25,7 +25,7 @@ LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
SRC= $(LIBSRC)
EXHEADER= dsa.h
HEADER= $(EXHEADER)
HEADER= dsa_locl.h $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)

2
crypto/dsa/dsa.h
View File

@ -254,6 +254,8 @@ DH *DSA_dup_DH(const DSA *r);
EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
#define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1)
#define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2)
#define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3)
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes

13
crypto/dsa/dsa_ameth.c
View File

@ -537,12 +537,17 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
case ASN1_PKEY_CTRL_PKCS7_SIGN:
if (arg1 == 0)
{
int snid, hnid;
X509_ALGOR *alg1, *alg2;
PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_sha1),
V_ASN1_NULL, 0);
X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_dsaWithSHA1),
V_ASN1_UNDEF, 0);
if (alg1 == NULL || alg1->algorithm == NULL)
return -1;
hnid = OBJ_obj2nid(alg1->algorithm);
if (hnid == NID_undef)
return -1;
if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
return -1;
X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
}
return 1;

115
crypto/dsa/dsa_gen.c
View File

@ -74,17 +74,12 @@
#ifndef OPENSSL_NO_SHA
#include <stdio.h>
#include <time.h>
#include "cryptlib.h"
#include <openssl/evp.h>
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/sha.h>
static int dsa_builtin_paramgen(DSA *ret, int bits,
unsigned char *seed_in, int seed_len,
int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
#include "dsa_locl.h"
int DSA_generate_parameters_ex(DSA *ret, int bits,
unsigned char *seed_in, int seed_len,
@ -93,41 +88,72 @@ int DSA_generate_parameters_ex(DSA *ret, int bits,
if(ret->meth->dsa_paramgen)
return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
counter_ret, h_ret, cb);
return dsa_builtin_paramgen(ret, bits, seed_in, seed_len,
counter_ret, h_ret, cb);
else
{
const EVP_MD *evpmd;
size_t qbits = bits >= 2048 ? 256 : 160;
if (bits >= 2048)
{
qbits = 256;
evpmd = EVP_sha256();
}
else
{
qbits = 160;
evpmd = EVP_sha1();
}
return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
seed_in, seed_len, counter_ret, h_ret, cb);
}
}
static int dsa_builtin_paramgen(DSA *ret, int bits,
unsigned char *seed_in, int seed_len,
int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
const EVP_MD *evpmd, unsigned char *seed_in, size_t seed_len,
int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
{
int ok=0;
unsigned char seed[SHA_DIGEST_LENGTH];
unsigned char md[SHA_DIGEST_LENGTH];
unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
unsigned char seed[SHA256_DIGEST_LENGTH];
unsigned char md[SHA256_DIGEST_LENGTH];
unsigned char buf[SHA256_DIGEST_LENGTH],buf2[SHA256_DIGEST_LENGTH];
BIGNUM *r0,*W,*X,*c,*test;
BIGNUM *g=NULL,*q=NULL,*p=NULL;
BN_MONT_CTX *mont=NULL;
int k,n=0,i,b,m=0;
size_t i;
int k,n=0,b,m=0, qsize = qbits >> 3;
int counter=0;
int r=0;
BN_CTX *ctx=NULL;
unsigned int h=2;
if (bits < 512) bits=512;
bits=(bits+63)/64*64;
if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
qsize != SHA256_DIGEST_LENGTH)
/* invalid q size */
return 0;
if (seed_len < 20)
seed_in = NULL; /* seed buffer too small -- ignore */
if (seed_len > 20)
seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
* but our internal buffers are restricted to 160 bits*/
if ((seed_in != NULL) && (seed_len == 20))
memcpy(seed,seed_in,seed_len);
if (evpmd == NULL)
/* use SHA1 as default */
evpmd = EVP_sha1();
if ((ctx=BN_CTX_new()) == NULL) goto err;
if (bits < 512)
bits = 512;
if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
bits = (bits+63)/64*64;
if (seed_len < qsize)
seed_in = NULL; /* seed buffer too small -- ignore */
if (seed_len > qsize)
seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
* but our internal buffers are restricted to 160 bits*/
if (seed_in != NULL)
memcpy(seed, seed_in, seed_len);
if ((ctx=BN_CTX_new()) == NULL)
goto err;
if ((mont=BN_MONT_CTX_new()) == NULL)
goto err;
BN_CTX_start(ctx);
r0 = BN_CTX_get(ctx);
@ -154,7 +180,7 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
if (!seed_len)
{
RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH);
RAND_pseudo_bytes(seed, qsize);
seed_is_random = 1;
}
else
@ -162,25 +188,27 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
seed_is_random = 0;
seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
}
memcpy(buf,seed,SHA_DIGEST_LENGTH);
memcpy(buf2,seed,SHA_DIGEST_LENGTH);
memcpy(buf , seed, qsize);
memcpy(buf2, seed, qsize);
/* precompute "SEED + 1" for step 7: */
for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
for (i = qsize-1; i >= 0; i--)
{
buf[i]++;
if (buf[i] != 0) break;
if (buf[i] != 0)
break;
}
/* step 2 */
EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL);
for (i=0; i<SHA_DIGEST_LENGTH; i++)
EVP_Digest(seed, qsize, md, NULL, evpmd, NULL);
EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL);
for (i = 0; i < qsize; i++)
md[i]^=buf2[i];
/* step 3 */
md[0]|=0x80;
md[SHA_DIGEST_LENGTH-1]|=0x01;
if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
md[0] |= 0x80;
md[qsize-1] |= 0x01;
if (!BN_bin2bn(md, qsize, q))
goto err;
/* step 4 */
r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
@ -215,18 +243,19 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
for (k=0; k<=n; k++)
{
/* obtain "SEED + offset + k" by incrementing: */
for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
for (i = qsize-1; i >= 0; i--)
{
buf[i]++;
if (buf[i] != 0) break;
if (buf[i] != 0)
break;
}
EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
EVP_Digest(buf, qsize, md ,NULL, evpmd, NULL);
/* step 8 */
if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
if (!BN_bin2bn(md, qsize, r0))
goto err;
if (!BN_lshift(r0,r0,160*k)) goto err;
if (!BN_lshift(r0,r0,(qsize << 3)*k)) goto err;
if (!BN_add(W,W,r0)) goto err;
}
@ -300,7 +329,7 @@ err:
ok=0;
goto err;
}
if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20);
if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed, qsize);
if (counter_ret != NULL) *counter_ret=counter;
if (h_ret != NULL) *h_ret=h;
}

59
crypto/dsa/dsa_locl.h Normal file
View File

@ -0,0 +1,59 @@
/* ====================================================================
* Copyright (c) 2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <openssl/dsa.h>
int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
const EVP_MD *evpmd, unsigned char *seed_in, size_t seed_len,
int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);

43
crypto/dsa/dsa_ossl.c
View File

@ -61,6 +61,7 @@
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/sha.h>
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
@ -133,7 +134,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
BIGNUM m;
BIGNUM xr;
BN_CTX *ctx=NULL;
int i,reason=ERR_R_BN_LIB;
int i, j, reason=ERR_R_BN_LIB;
DSA_SIG *ret=NULL;
BN_init(&m);
@ -148,8 +149,9 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
s=BN_new();
if (s == NULL) goto err;
i=BN_num_bytes(dsa->q); /* should be 20 */
if ((dlen > i) || (dlen > 50))
/* reject a excessive digest length (currently at most
* dsa-with-SHA256 is supported) */
if (dlen > SHA256_DIGEST_LENGTH)
{
reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
goto err;
@ -170,7 +172,17 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
dsa->r=NULL;
}
if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
if (BN_bin2bn(dgst,dlen,&m) == NULL)
goto err;
i = BN_num_bytes(dsa->q);
if (dlen > i)
{
/* if the digest length is greater than the size of q use the
* BN_num_bits(dsa->q) leftmost bits of the digest, see
* fips 186-3, 4.2 */
if (!BN_rshift(&m, &m, (dlen - i) << 3))
goto err;
}
/* Compute s = inv(k) (m + xr) mod q */
if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
@ -296,14 +308,16 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
BN_CTX *ctx;
BIGNUM u1,u2,t1;
BN_MONT_CTX *mont=NULL;
int ret = -1;
int ret = -1, i, j;
if (!dsa->p || !dsa->q || !dsa->g)
{
DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
return -1;
}
if (BN_num_bits(dsa->q) != 160)
i = BN_num_bits(dsa->q);
/* fips 186-3 allows only different sizes for q */
if (i != 160 && i != 224 && i != 256)
{
DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
return -1;
@ -315,6 +329,14 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
return -1;
}
/* reject a excessive digest length (currently at most
* dsa-with-SHA256 is supported) */
if (dgst_len > SHA256_DIGEST_LENGTH)
{
DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
return -1;
}
BN_init(&u1);
BN_init(&u2);
BN_init(&t1);
@ -340,6 +362,15 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
/* save M in u1 */
if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
j = dgst_len << 3;
if (j > i)
{
/* if the digest length is greater than the size of q use the
* BN_num_bits(dsa->q) leftmost bits of the digest, see
* fips 186-3, 4.2 */
if (!BN_rshift(&u1, &u1, j - i))
goto err;
}
/* u1 = M * w mod q */
if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;

51
crypto/dsa/dsa_pmeth.c
View File

@ -59,20 +59,22 @@
#include "cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include "evp_locl.h"
#include "dsa_locl.h"
/* DSA pkey context structure */
typedef struct
{
/* Parameter gen parameters */
int nbits;
int nbits; /* size of p in bits (default: 1024) */
int qbits; /* size of q in bits (default: 160) */
const EVP_MD *pmd; /* MD for parameter generation */
/* Keygen callback info */
int gentmp[2];
/* message digest */
const EVP_MD *md;
const EVP_MD *md; /* MD for the signature */
} DSA_PKEY_CTX;
static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
@ -82,6 +84,8 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
if (!dctx)
return 0;
dctx->nbits = 1024;
dctx->qbits = 160;
dctx->pmd = NULL;
dctx->md = NULL;
ctx->data = dctx;
@ -99,7 +103,9 @@ static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
sctx = src->data;
dctx = dst->data;
dctx->nbits = sctx->nbits;
dctx->md = sctx->md;
dctx->qbits = sctx->qbits;
dctx->pmd = sctx->pmd;
dctx->md = sctx->md;
return 1;
}
@ -160,8 +166,27 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
dctx->nbits = p1;
return 1;
case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS:
if (p1 != 160 && p1 != 224 && p1 && p1 != 256)
return -2;
dctx->qbits = p1;
return 1;
case EVP_PKEY_CTRL_DSA_PARAMGEN_MD:
if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
EVP_MD_type((const EVP_MD *)p2) != NID_sha256)
{
DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
return 0;
}
dctx->md = p2;
return 1;
case EVP_PKEY_CTRL_MD:
if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1)
if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
EVP_MD_type((const EVP_MD *)p2) != NID_sha256)
{
DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
return 0;
@ -187,6 +212,18 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
nbits = atoi(value);
return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits);
}
if (!strcmp(type, "dsa_paramgen_q_bits"))
{
int qbits = atoi(value);
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL);
}
if (!strcmp(type, "dsa_paramgen_md"))
{
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0,
(void *)EVP_get_digestbyname(value));
}
return -2;
}
@ -206,8 +243,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
dsa = DSA_new();
if (!dsa)
return 0;
ret = DSA_generate_parameters_ex(dsa, dctx->nbits, NULL, 0, NULL, NULL,
pcb);
ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
NULL, 0, NULL, NULL, pcb);
if (ret)
EVP_PKEY_assign_DSA(pkey, dsa);
else

4
crypto/dsa/dsa_sign.c
View File

@ -58,12 +58,8 @@
/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{

5
crypto/dsa/dsa_vrf.c
View File

@ -58,13 +58,8 @@
/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
#include <openssl/asn1_mac.h>
int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
DSA *dsa)

22
crypto/objects/obj_dat.h
View File

@ -62,12 +62,12 @@
* [including the GNU Public Licence.]
*/
#define NUM_NID 833
#define NUM_SN 829
#define NUM_LN 829
#define NUM_OBJ 785
#define NUM_NID 835
#define NUM_SN 831
#define NUM_LN 831
#define NUM_OBJ 787
static unsigned char lvalues[5542]={
static unsigned char lvalues[5560]={
0x00, /* [ 0] OBJ_undef */
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */
@ -853,6 +853,8 @@ static unsigned char lvalues[5542]={
0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02, /* [5517] OBJ_ecdsa_with_SHA256 */
0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03, /* [5525] OBJ_ecdsa_with_SHA384 */
0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04, /* [5533] OBJ_ecdsa_with_SHA512 */
0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,/* [5541] OBJ_dsa_with_SHA224 */
0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,/* [5550] OBJ_dsa_with_SHA256 */
};
static ASN1_OBJECT nid_objs[NUM_NID]={
@ -2202,6 +2204,10 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
&(lvalues[5525]),0},
{"ecdsa-with-SHA512","ecdsa-with-SHA512",NID_ecdsa_with_SHA512,8,
&(lvalues[5533]),0},
{"dsa_with_SHA224","dsa_with_SHA224",NID_dsa_with_SHA224,9,
&(lvalues[5541]),0},
{"dsa_with_SHA256","dsa_with_SHA256",NID_dsa_with_SHA256,9,
&(lvalues[5550]),0},
};
static ASN1_OBJECT *sn_objs[NUM_SN]={
@ -2452,6 +2458,8 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[470]),/* "documentVersion" */
&(nid_objs[392]),/* "domain" */
&(nid_objs[452]),/* "domainRelatedObject" */
&(nid_objs[833]),/* "dsa_with_SHA224" */
&(nid_objs[834]),/* "dsa_with_SHA256" */
&(nid_objs[827]),/* "ecdsa-with-Recommended" */
&(nid_objs[416]),/* "ecdsa-with-SHA1" */
&(nid_objs[829]),/* "ecdsa-with-SHA224" */
@ -3304,6 +3312,8 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
&(nid_objs[66]),/* "dsaWithSHA" */
&(nid_objs[113]),/* "dsaWithSHA1" */
&(nid_objs[70]),/* "dsaWithSHA1-old" */
&(nid_objs[833]),/* "dsa_with_SHA224" */
&(nid_objs[834]),/* "dsa_with_SHA256" */
&(nid_objs[297]),/* "dvcs" */
&(nid_objs[827]),/* "ecdsa-with-Recommended" */
&(nid_objs[416]),/* "ecdsa-with-SHA1" */
@ -4486,6 +4496,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[673]),/* OBJ_sha384 2 16 840 1 101 3 4 2 2 */
&(nid_objs[674]),/* OBJ_sha512 2 16 840 1 101 3 4 2 3 */
&(nid_objs[675]),/* OBJ_sha224 2 16 840 1 101 3 4 2 4 */
&(nid_objs[833]),/* OBJ_dsa_with_SHA224 2 16 840 1 101 3 4 3 1 */
&(nid_objs[834]),/* OBJ_dsa_with_SHA256 2 16 840 1 101 3 4 3 2 */
&(nid_objs[71]),/* OBJ_netscape_cert_type 2 16 840 1 113730 1 1 */
&(nid_objs[72]),/* OBJ_netscape_base_url 2 16 840 1 113730 1 2 */
&(nid_objs[73]),/* OBJ_netscape_revocation_url 2 16 840 1 113730 1 3 */

10
crypto/objects/obj_mac.h
View File

@ -2497,6 +2497,16 @@
#define NID_sha224 675
#define OBJ_sha224 OBJ_nist_hashalgs,4L
#define OBJ_dsa_with_sha2 OBJ_nistAlgorithms,3L
#define SN_dsa_with_SHA224 "dsa_with_SHA224"
#define NID_dsa_with_SHA224 833
#define OBJ_dsa_with_SHA224 OBJ_dsa_with_sha2,1L
#define SN_dsa_with_SHA256 "dsa_with_SHA256"
#define NID_dsa_with_SHA256 834
#define OBJ_dsa_with_SHA256 OBJ_dsa_with_sha2,2L
#define SN_hold_instruction_code "holdInstructionCode"
#define LN_hold_instruction_code "Hold Instruction Code"
#define NID_hold_instruction_code 430

2
crypto/objects/obj_mac.num
View File

@ -830,3 +830,5 @@ ecdsa_with_SHA224 829
ecdsa_with_SHA256 830
ecdsa_with_SHA384 831
ecdsa_with_SHA512 832
dsa_with_SHA224 833
dsa_with_SHA256 834

4
crypto/objects/obj_xref.h
View File

@ -30,6 +30,8 @@ static const nid_triple sigoid_srt[] =
{NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey},
{NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey},
{NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey},
{NID_dsa_with_SHA224, NID_sha224, NID_dsa},
{NID_dsa_with_SHA256, NID_sha256, NID_dsa},
};
static const nid_triple * const sigoid_srt_xref[] =
@ -50,12 +52,14 @@ static const nid_triple * const sigoid_srt_xref[] =
&sigoid_srt[10],
&sigoid_srt[11],
&sigoid_srt[13],
&sigoid_srt[28],
&sigoid_srt[24],
&sigoid_srt[14],
&sigoid_srt[25],
&sigoid_srt[15],
&sigoid_srt[26],
&sigoid_srt[16],
&sigoid_srt[27],
&sigoid_srt[23],
&sigoid_srt[17],
&sigoid_srt[18],

3
crypto/objects/obj_xref.txt
View File

@ -33,6 +33,9 @@ ecdsa_with_SHA512 sha512 X9_62_id_ecPublicKey
ecdsa_with_Recommended undef X9_62_id_ecPublicKey
ecdsa_with_Specified undef X9_62_id_ecPublicKey
dsa_with_SHA224 sha224 dsa
dsa_with_SHA256 sha256 dsa
id_GostR3411_94_with_GostR3410_2001 id_GostR3411_94 id_GostR3410_2001
id_GostR3411_94_with_GostR3410_94 id_GostR3411_94 id_GostR3410_94
id_GostR3411_94_with_GostR3410_94_cc id_GostR3411_94 id_GostR3410_94_cc

5
crypto/objects/objects.txt
View File

@ -831,6 +831,11 @@ nist_hashalgs 2 : SHA384 : sha384
nist_hashalgs 3 : SHA512 : sha512
nist_hashalgs 4 : SHA224 : sha224
# OIDs for dsa-with-sha224 and dsa-with-sha256
!Alias dsa_with_sha2 nistAlgorithms 3
dsa_with_sha2 1 : dsa_with_SHA224
dsa_with_sha2 2 : dsa_with_SHA256
# Hold instruction CRL entry extension
!Cname hold-instruction-code
id-ce 23 : holdInstructionCode : Hold Instruction Code