generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add sign/verify digest API to handle an explicit digest instead of finalising

Browse Source 
a context.
This commit is contained in:
Dr. Stephen Henson 2011-02-02 14:21:33 +00:00
parent b6104f9ad8
commit a5b196a22c
4 changed files with 60 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
crypto/dsa/dsa.h
View File

@ -209,7 +209,10 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *);
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
DSA * FIPS_dsa_new(void); DSA * FIPS_dsa_new(void);
void FIPS_dsa_free (DSA *r); void FIPS_dsa_free (DSA *r);
DSA_SIG * FIPS_dsa_sign_digest(DSA *dsa, const unsigned char *dig, int dlen);
DSA_SIG * FIPS_dsa_sign_ctx(DSA *dsa, EVP_MD_CTX *ctx); DSA_SIG * FIPS_dsa_sign_ctx(DSA *dsa, EVP_MD_CTX *ctx);
int FIPS_dsa_verify_digest(DSA *dsa,
const unsigned char *dig, int dlen, DSA_SIG *s);
int FIPS_dsa_verify_ctx(DSA *dsa, EVP_MD_CTX *ctx, DSA_SIG *s); int FIPS_dsa_verify_ctx(DSA *dsa, EVP_MD_CTX *ctx, DSA_SIG *s);
#endif #endif

8
crypto/rsa/rsa.h
View File

@ -321,9 +321,17 @@ void FIPS_rsa_free(RSA *r);
int FIPS_rsa_sign_ctx(RSA *rsa, EVP_MD_CTX *ctx, int FIPS_rsa_sign_ctx(RSA *rsa, EVP_MD_CTX *ctx,
int rsa_pad_mode, int saltlen, const EVP_MD *mgf1Hash, int rsa_pad_mode, int saltlen, const EVP_MD *mgf1Hash,
unsigned char *sigret, unsigned int *siglen); unsigned char *sigret, unsigned int *siglen);
int FIPS_rsa_sign_digest(RSA *rsa, const unsigned char *md, int md_len,
const EVP_MD *mhash, int rsa_pad_mode, int saltlen,
const EVP_MD *mgf1Hash,
unsigned char *sigret, unsigned int *siglen);
int FIPS_rsa_verify_ctx(RSA *rsa, EVP_MD_CTX *ctx, int FIPS_rsa_verify_ctx(RSA *rsa, EVP_MD_CTX *ctx,
int rsa_pad_mode, int saltlen, const EVP_MD *mgf1Hash, int rsa_pad_mode, int saltlen, const EVP_MD *mgf1Hash,
unsigned char *sigbuf, unsigned int siglen); unsigned char *sigbuf, unsigned int siglen);
int FIPS_rsa_verify_digest(RSA *rsa, const unsigned char *dig, int diglen,
const EVP_MD *mhash, int rsa_pad_mode, int saltlen,
const EVP_MD *mgf1Hash,
unsigned char *sigbuf, unsigned int siglen);
#endif #endif
void RSA_set_default_method(const RSA_METHOD *meth); void RSA_set_default_method(const RSA_METHOD *meth);

11
fips/dsa/fips_dsa_sign.c
View File

@ -82,6 +82,11 @@ DSA_SIG * FIPS_dsa_sign_ctx(DSA *dsa, EVP_MD_CTX *ctx)
return s; return s;
} }
DSA_SIG * FIPS_dsa_sign_digest(DSA *dsa, const unsigned char *dig, int dlen)
{
return dsa->meth->dsa_do_sign(dig, dlen, dsa);
}
int FIPS_dsa_verify_ctx(DSA *dsa, EVP_MD_CTX *ctx, DSA_SIG *s) int FIPS_dsa_verify_ctx(DSA *dsa, EVP_MD_CTX *ctx, DSA_SIG *s)
{ {
int ret=-1; int ret=-1;
@ -93,4 +98,10 @@ int FIPS_dsa_verify_ctx(DSA *dsa, EVP_MD_CTX *ctx, DSA_SIG *s)
return ret; return ret;
} }
int FIPS_dsa_verify_digest(DSA *dsa,
const unsigned char *dig, int dlen, DSA_SIG *s)
{
return dsa->meth->dsa_do_verify(dig,dlen,s,dsa);
}
#endif #endif

58
fips/rsa/fips_rsa_sign.c
View File

@ -191,38 +191,48 @@ static const unsigned char *fips_digestinfo_nn_encoding(int nid, unsigned int *l
} }
} }
int FIPS_rsa_sign_ctx(RSA *rsa, EVP_MD_CTX *ctx, int FIPS_rsa_sign_ctx(RSA *rsa, EVP_MD_CTX *ctx,
int rsa_pad_mode, int saltlen, const EVP_MD *mgf1Hash, int rsa_pad_mode, int saltlen, const EVP_MD *mgf1Hash,
unsigned char *sigret, unsigned int *siglen) unsigned char *sigret, unsigned int *siglen)
{ {
unsigned int md_len, rv;
unsigned char md[EVP_MAX_MD_SIZE];
EVP_DigestFinal_ex(ctx, md, &md_len);
rv = FIPS_rsa_sign_digest(rsa, md, md_len,
M_EVP_MD_CTX_md(ctx),
rsa_pad_mode, saltlen,
mgf1Hash, sigret, siglen);
OPENSSL_cleanse(md, md_len);
return rv;
}
int FIPS_rsa_sign_digest(RSA *rsa, const unsigned char *md, int md_len,
const EVP_MD *mhash, int rsa_pad_mode, int saltlen,
const EVP_MD *mgf1Hash,
unsigned char *sigret, unsigned int *siglen)
{
int i=0,j,ret=0; int i=0,j,ret=0;
unsigned int dlen; unsigned int dlen;
const unsigned char *der; const unsigned char *der;
unsigned int m_len;
const EVP_MD *mhash;
int md_type; int md_type;
/* Largest DigestInfo: 19 (max encoding) + max MD */ /* Largest DigestInfo: 19 (max encoding) + max MD */
unsigned char tmpdinfo[19 + EVP_MAX_MD_SIZE]; unsigned char tmpdinfo[19 + EVP_MAX_MD_SIZE];
unsigned char md[EVP_MAX_MD_SIZE + 1];
EVP_DigestFinal_ex(ctx, md, &m_len);
mhash = M_EVP_MD_CTX_md(ctx);
md_type = M_EVP_MD_type(mhash); md_type = M_EVP_MD_type(mhash);
if (rsa_pad_mode == RSA_X931_PADDING) if (rsa_pad_mode == RSA_X931_PADDING)
{ {
int hash_id; int hash_id;
memcpy(tmpdinfo, md, m_len); memcpy(tmpdinfo, md, md_len);
hash_id = RSA_X931_hash_id(md_type); hash_id = RSA_X931_hash_id(md_type);
if (hash_id == -1) if (hash_id == -1)
{ {
RSAerr(RSA_F_FIPS_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE); RSAerr(RSA_F_FIPS_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
return 0; return 0;
} }
tmpdinfo[m_len] = (unsigned char)hash_id; tmpdinfo[md_len] = (unsigned char)hash_id;
i = m_len + 1; i = md_len + 1;
} }
else if (rsa_pad_mode == RSA_PKCS1_PADDING) else if (rsa_pad_mode == RSA_PKCS1_PADDING)
{ {
@ -235,9 +245,9 @@ int FIPS_rsa_sign_ctx(RSA *rsa, EVP_MD_CTX *ctx,
return 0; return 0;
} }
memcpy(tmpdinfo, der, dlen); memcpy(tmpdinfo, der, dlen);
memcpy(tmpdinfo + dlen, md, m_len); memcpy(tmpdinfo + dlen, md, md_len);
i = dlen + m_len; i = dlen + md_len;
} }
else if (rsa_pad_mode == RSA_PKCS1_PSS_PADDING) else if (rsa_pad_mode == RSA_PKCS1_PSS_PADDING)
@ -260,7 +270,6 @@ int FIPS_rsa_sign_ctx(RSA *rsa, EVP_MD_CTX *ctx,
*siglen=j; *siglen=j;
} }
psserr: psserr:
OPENSSL_cleanse(md,m_len);
OPENSSL_cleanse(sbuf, i); OPENSSL_cleanse(sbuf, i);
OPENSSL_free(sbuf); OPENSSL_free(sbuf);
return ret; return ret;
@ -282,7 +291,6 @@ int FIPS_rsa_sign_ctx(RSA *rsa, EVP_MD_CTX *ctx,
done: done:
OPENSSL_cleanse(tmpdinfo,i); OPENSSL_cleanse(tmpdinfo,i);
OPENSSL_cleanse(md,m_len);
return ret; return ret;
} }
@ -290,12 +298,25 @@ int FIPS_rsa_verify_ctx(RSA *rsa, EVP_MD_CTX *ctx,
int rsa_pad_mode, int saltlen, const EVP_MD *mgf1Hash, int rsa_pad_mode, int saltlen, const EVP_MD *mgf1Hash,
unsigned char *sigbuf, unsigned int siglen) unsigned char *sigbuf, unsigned int siglen)
{ {
unsigned int md_len, rv;
unsigned char md[EVP_MAX_MD_SIZE];
EVP_DigestFinal_ex(ctx, md, &md_len);
rv = FIPS_rsa_verify_digest(rsa, md, md_len, M_EVP_MD_CTX_md(ctx),
rsa_pad_mode, saltlen, mgf1Hash,
sigbuf, siglen);
OPENSSL_cleanse(md, md_len);
return rv;
}
int FIPS_rsa_verify_digest(RSA *rsa, const unsigned char *dig, int diglen,
const EVP_MD *mhash, int rsa_pad_mode, int saltlen,
const EVP_MD *mgf1Hash,
unsigned char *sigbuf, unsigned int siglen)
{
int i,ret=0; int i,ret=0;
unsigned int dlen, diglen; unsigned int dlen;
unsigned char *s; unsigned char *s;
const unsigned char *der; const unsigned char *der;
unsigned char dig[EVP_MAX_MD_SIZE];
const EVP_MD *mhash;
int md_type; int md_type;
int rsa_dec_pad_mode; int rsa_dec_pad_mode;
@ -305,11 +326,8 @@ int FIPS_rsa_verify_ctx(RSA *rsa, EVP_MD_CTX *ctx,
return(0); return(0);
} }
mhash = M_EVP_MD_CTX_md(ctx);
md_type = M_EVP_MD_type(mhash); md_type = M_EVP_MD_type(mhash);
EVP_DigestFinal_ex(ctx, dig, &diglen);
s= OPENSSL_malloc((unsigned int)siglen); s= OPENSSL_malloc((unsigned int)siglen);
if (s == NULL) if (s == NULL)
{ {