
github.com/mono/boringssl.git - Unnamed repository; edit this file 'description' to name the repository.
authorDavid Benjamin <davidben@chromium.org>2014-11-12 07:47:50 +0300
committerAdam Langley <agl@google.com>2014-11-19 01:18:36 +0300
commitc20febe17747674ede52072e85fb944cd55637a6 (patch)
tree4643338c1bb11a85c62cdfaad3eed463829b7d27 /crypto/evp
parentca6c82643ae885f94acff27ddd93bfb73fda3af5 (diff)
Add EVP_PKEY_supports_digest.
This is intended for TLS client auth with Windows CAPI- and CNG-backed keys which implement sign over sign_raw and do not support all hash functions. Only plumbed through RSA for now. Change-Id: Ica42e7fb026840f817a169da9372dda226f7d6fd Reviewed-on: https://boringssl-review.googlesource.com/2250 Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'crypto/evp')
-rw-r--r--crypto/evp/evp.c7
-rw-r--r--crypto/evp/internal.h6
-rw-r--r--crypto/evp/p_ec_asn1.c1
-rw-r--r--crypto/evp/p_hmac_asn1.c2
-rw-r--r--crypto/evp/p_rsa_asn1.c5
5 files changed, 20 insertions, 1 deletions
diff --git a/crypto/evp/evp.c b/crypto/evp/evp.c
index c7c4ffbd..ab84b482 100644
--- a/crypto/evp/evp.c
+++ b/crypto/evp/evp.c
@@ -124,6 +124,13 @@ int EVP_PKEY_is_opaque(const EVP_PKEY *pkey) {
return 0;
}
+int EVP_PKEY_supports_digest(const EVP_PKEY *pkey, const EVP_MD *md) {
+ if (pkey->ameth && pkey->ameth->pkey_supports_digest) {
+ return pkey->ameth->pkey_supports_digest(pkey, md);
+ }
+ return 1;
+}
+
int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
if (a->type != b->type) {
return -1;
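Review bot: The `return 1;` fallback in EVP_PKEY_supports_digest fails open: a key whose method table leaves `pkey_supports_digest` null is reported as supporting every digest. In this commit that includes EC, which has an `eckey_opaque` hook but `0` in the new slot, so an opaque EC key would presumably pass this check and fail only at signing time. I would say so at the fallback, e.g. `/* No hook: assume all digests are supported; only RSA implements this so far. */`, so callers know a positive answer is not a guarantee. `md` is forwarded without a null check; whether that is safe depends on the per-type hook, which is outside this hunk.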
diff --git a/crypto/evp/internal.h b/crypto/evp/internal.h
index ff310e96..2b0f6088 100644
--- a/crypto/evp/internal.h
+++ b/crypto/evp/internal.h
@@ -106,6 +106,12 @@ struct evp_pkey_asn1_method_st {
* custom implementations which do not expose key material and parameters.*/
int (*pkey_opaque)(const EVP_PKEY *pk);
+ /* pkey_supports_digest returns one if |pkey| supports digests of
+ * type |md|. This is intended for use with EVP_PKEYs backing custom
+ * implementations which can't sign all digests. If null, it is
+ * assumed that all digests are supported. */
+ int (*pkey_supports_digest)(const EVP_PKEY *pkey, const EVP_MD *md);
+
int (*pkey_size)(const EVP_PKEY *pk);
int (*pkey_bits)(const EVP_PKEY *pk);
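Review bot: The new `pkey_supports_digest` member is inserted in the middle of `struct evp_pkey_asn1_method_st`, and the tables visible in this diff are initialised positionally, so any table that is not updated shifts every later slot by one. Where the neighbouring entries are `0`, as in the HMAC table, that shift would compile without a diagnostic. The diff shown updates the EC, HMAC and RSA tables; it would be worth confirming that no other `EVP_PKEY_ASN1_METHOD` initialiser exists outside this view. The field comment could also state the negative case, `returns one if |pkey| supports digests of type |md| and zero otherwise`. The struct definition starts and ends outside the hunk.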
diff --git a/crypto/evp/p_ec_asn1.c b/crypto/evp/p_ec_asn1.c
index a423fb88..48a175b2 100644
--- a/crypto/evp/p_ec_asn1.c
+++ b/crypto/evp/p_ec_asn1.c
@@ -555,6 +555,7 @@ const EVP_PKEY_ASN1_METHOD ec_asn1_meth = {
eckey_priv_print,
eckey_opaque,
+ 0 /* pkey_supports_digest */,
int_ec_size,
ec_bits,
diff --git a/crypto/evp/p_hmac_asn1.c b/crypto/evp/p_hmac_asn1.c
index 06ba0e59..8aa66764 100644
--- a/crypto/evp/p_hmac_asn1.c
+++ b/crypto/evp/p_hmac_asn1.c
@@ -80,7 +80,7 @@ const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {
"HMAC", "OpenSSL HMAC method", 0 /* pub_decode */,
0 /* pub_encode */, 0 /* pub_cmp */, 0 /* pub_print */,
0 /*priv_decode */, 0 /* priv_encode */, 0 /* priv_print */,
- 0 /* pkey_opaque */,
+ 0 /* pkey_opaque */, 0 /* pkey_supports_digest */,
hmac_size, 0 /* pkey_bits */, 0 /* param_decode */,
0 /* param_encode*/, 0 /* param_missing*/, 0 /* param_copy*/,
0 /* param_cmp*/, 0 /* param_print*/, 0 /* sig_print*/,
diff --git a/crypto/evp/p_rsa_asn1.c b/crypto/evp/p_rsa_asn1.c
index 9c885125..f478d50c 100644
--- a/crypto/evp/p_rsa_asn1.c
+++ b/crypto/evp/p_rsa_asn1.c
@@ -153,6 +153,10 @@ static int rsa_opaque(const EVP_PKEY *pkey) {
return RSA_is_opaque(pkey->pkey.rsa);
}
+static int rsa_supports_digest(const EVP_PKEY *pkey, const EVP_MD *md) {
+ return RSA_supports_digest(pkey->pkey.rsa, md);
+}
+
static int int_rsa_size(const EVP_PKEY *pkey) {
return RSA_size(pkey->pkey.rsa);
}
@@ -683,6 +687,7 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meth = {
rsa_priv_print,
rsa_opaque,
+ rsa_supports_digest,
int_rsa_size,
rsa_bits,