diff options
| author | David Benjamin <davidben@chromium.org> | 2014-10-09 22:50:20 +0400 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2014-10-10 01:52:52 +0400 |
| commit | 8f160a680b855328df7c33b03f8e9c9eefd59a84 (patch) | |
| tree | e65f2cda2282d84c5b1ab982be6b610d2e531d5d /include/openssl/evp.h | |
| parent | 2e1594dfb5f4efd9e93f1cc3db04e64f64ace5b4 (diff) | |
Add EVP_DigestVerifyInitFromAlgorithm and EVP_DigestSignAlgorithm.
Factor the AlgorithmIdentifier portions of ASN1_item_sign and ASN1_item_verify
out. This makes it possible to initialize a signature context from an
AlgorithmIdentifier without needing the data parsed into an ASN1_ITEM/void*
pair and reserialized.
Change-Id: Idc2e06b1310a3f801aa25de323d39d2b7a44ef50
Reviewed-on: https://boringssl-review.googlesource.com/1916
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'include/openssl/evp.h')
| -rw-r--r-- | include/openssl/evp.h | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 091912f2..fcbb0856 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -247,6 +247,15 @@ OPENSSL_EXPORT int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, OPENSSL_EXPORT int EVP_DigestSignFinal(EVP_MD_CTX *ctx, uint8_t *out_sig, size_t *out_sig_len); +/* EVP_DigestSignAlgorithm encodes the signing parameters of |ctx| as an + * AlgorithmIdentifer and saves the result in |algor|. + * + * It returns one on success, or zero on error. + * + * TODO(davidben): This API should eventually lose the dependency on + * crypto/asn1/. */ +OPENSSL_EXPORT int EVP_DigestSignAlgorithm(EVP_MD_CTX *ctx, X509_ALGOR *algor); + /* Verifying */ @@ -261,6 +270,18 @@ OPENSSL_EXPORT int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +/* EVP_DigestVerifyInitFromAlgorithm sets up |ctx| for a signature verification + * operation with public key |pkey| and parameters from |algor|. The |ctx| + * argument must have been initialised with |EVP_MD_CTX_init|. + * + * It returns one on success, or zero on error. + * + * TODO(davidben): This API should eventually lose the dependency on + * crypto/asn1/. */ +OPENSSL_EXPORT int EVP_DigestVerifyInitFromAlgorithm(EVP_MD_CTX *ctx, + X509_ALGOR *algor, + EVP_PKEY *pkey); + /* EVP_DigestVerifyUpdate appends |len| bytes from |data| to the data which * will be verified by |EVP_DigestVerifyFinal|. It returns one on success and * zero otherwise. */ @@ -813,6 +834,8 @@ struct evp_pkey_st { #define EVP_F_pkey_rsa_encrypt 152 #define EVP_F_pkey_rsa_decrypt 153 #define EVP_F_hmac_signctx 154 +#define EVP_F_EVP_DigestVerifyInitFromAlgorithm 155 +#define EVP_F_EVP_DigestSignAlgorithm 156 #define EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE 100 #define EVP_R_UNSUPPORTED_SIGNATURE_TYPE 101 #define EVP_R_INVALID_DIGEST_TYPE 102 @@ -859,5 +882,6 @@ struct evp_pkey_st { #define EVP_R_DECODE_ERROR 143 #define EVP_R_INVALID_PSS_SALTLEN 144 #define EVP_R_UNKNOWN_PUBLIC_KEY_TYPE 145 +#define EVP_R_CONTEXT_NOT_INITIALISED 146 #endif /* OPENSSL_HEADER_EVP_H */ |