/*
 * Write the signature algorithm of an X.509 structure to |bp|, followed by
 * the signature value when one is supplied.
 *
 * bp     - output BIO
 * sigalg - signature AlgorithmIdentifier whose OID is printed (assumed non-NULL)
 * sig    - signature bytes, or NULL to emit only the algorithm line
 *
 * When the OID resolves to a known signature NID and the corresponding
 * public-key ASN.1 method provides a sig_print hook, that hook does all the
 * printing (indent 9, flags 0) and its result is returned as-is. Otherwise
 * the signature is dumped with X509_signature_dump, or just a newline is
 * written when |sig| is NULL.
 *
 * Returns 1 on success and 0 when a BIO write fails; a hook or dump result
 * is passed straight through.
 */
int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
{
    const EVP_PKEY_ASN1_METHOD *ameth;
    int sig_nid, dig_nid, pkey_nid;

    if (BIO_puts(bp, " Signature Algorithm: ") <= 0)
        return 0;
    if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0)
        return 0;

    /* Prefer an algorithm-specific printer whenever the OID is recognised
     * and splits into (digest, key type). */
    sig_nid = OBJ_obj2nid(sigalg->algorithm);
    if (sig_nid != NID_undef
        && OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) {
        ameth = EVP_PKEY_asn1_find(NULL, pkey_nid);
        if (ameth != NULL && ameth->sig_print != NULL)
            return ameth->sig_print(bp, sigalg, sig, 9, 0);
    }

    /* Generic fallback: hex dump of the raw signature, or a bare newline. */
    if (sig != NULL)
        return X509_signature_dump(bp, sig, 9);
    return BIO_puts(bp, "\n") <= 0 ? 0 : 1;
}
/* EVP_PKEY_type returns the pkey_id of the ASN.1 method registered for
 * |nid|, i.e. the key type EVP_PKEY uses for it, or NID_undef when no
 * method is registered. */
int EVP_PKEY_type(int nid)
{
    const EVP_PKEY_ASN1_METHOD *method = EVP_PKEY_asn1_find(NULL, nid);
    return method != NULL ? method->pkey_id : NID_undef;
}
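/*
 * EVP_PKEY_type maps |type| to the pkey_id of its registered ASN.1 method
 * (NID_undef when none is found). The lookup may be satisfied by an ENGINE;
 * the ENGINE reference handed back through |e| is released before returning
 * so this query leaves no reference behind.
 *
 * Fix: |e| is now initialised to NULL. The original passed an uninitialised
 * pointer to ENGINE_finish and relied entirely on EVP_PKEY_asn1_find always
 * writing *pe, which is not visible from here; the existing code already
 * depends on ENGINE_finish tolerating NULL.
 */
int EVP_PKEY_type(int type)
{
    const EVP_PKEY_ASN1_METHOD *ameth;
    ENGINE *e = NULL;
    int ret = NID_undef;

    ameth = EVP_PKEY_asn1_find(&e, type);
    if (ameth != NULL)
        ret = ameth->pkey_id;
#ifndef OPENSSL_NO_ENGINE
    /* Drop the ENGINE reference (if any) obtained by the lookup. */
    ENGINE_finish(e);
#endif
    return ret;
}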
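/*
 * pkey_set_type binds |pkey| (or, with |pkey| == NULL, merely validates) a
 * key type given either as a NID |type| or as a name |str| of |len| bytes.
 *
 * pkey - key to reconfigure; its existing key material is freed first
 * type - key type NID, also remembered in pkey->save_type
 * str  - optional algorithm name; when non-NULL it drives the lookup instead
 * len  - length of |str|
 *
 * Returns 1 on success, 0 with EVP_R_UNSUPPORTED_ALGORITHM when no ASN.1
 * method is found. On success a |pkey| takes ownership of the ENGINE
 * reference (if any) returned by the lookup.
 *
 * Fix: the ENGINE reference |e| is now released whenever it will not be
 * stored in |pkey|. The original released it only when |pkey| was NULL, so a
 * lookup that returned an ENGINE but no method (ameth == NULL) with a
 * non-NULL |pkey| leaked the reference. Note that on that failure path the
 * key material has already been freed and pkey->engine cleared, but
 * pkey->ameth / pkey->type are left as they were.
 */
static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
{
    const EVP_PKEY_ASN1_METHOD *ameth;
    ENGINE *e = NULL;

    if (pkey) {
        if (pkey->pkey.ptr)
            EVP_PKEY_free_it(pkey);
        /* If key type matches and a method exists then this
         * lookup has succeeded once so just indicate success.
         */
        if ((type == pkey->save_type) && pkey->ameth)
            return 1;
#ifndef OPENSSL_NO_ENGINE
        /* If we have an ENGINE release it */
        if (pkey->engine) {
            ENGINE_finish(pkey->engine);
            pkey->engine = NULL;
        }
#endif
    }

    if (str)
        ameth = EVP_PKEY_asn1_find_str(&e, str, len);
    else
        ameth = EVP_PKEY_asn1_find(&e, type);

#ifndef OPENSSL_NO_ENGINE
    /* Only a |pkey| that is actually configured below keeps |e|; in every
     * other case the reference obtained by the lookup must be dropped here. */
    if ((!pkey || !ameth) && e)
        ENGINE_finish(e);
#endif

    if (!ameth) {
        EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_UNSUPPORTED_ALGORITHM);
        return 0;
    }

    if (pkey) {
        pkey->ameth = ameth;
        pkey->engine = e;
        pkey->type = pkey->ameth->pkey_id;
        pkey->save_type = type;
    }
    return 1;
}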
/* EVP_PKEY_set_type switches |pkey| to key type |type|, releasing any key
 * material it currently holds. With |pkey| == NULL it only checks that
 * |type| has a registered ASN.1 method.
 *
 * Returns 1 on success, or 0 with EVP_R_UNSUPPORTED_ALGORITHM when |type|
 * is unknown. Note the existing key is released before the lookup, so a
 * failed call leaves |pkey| without key material; whether free_it also
 * resets ameth/type is not visible here. */
int EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
{
    const EVP_PKEY_ASN1_METHOD *ameth;

    /* Drop whatever key is attached before changing its type. */
    if (pkey != NULL && pkey->pkey.ptr != NULL)
        free_it(pkey);

    ameth = EVP_PKEY_asn1_find(NULL, type);
    if (ameth == NULL) {
        OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM);
        return 0;
    }

    if (pkey == NULL)
        return 1; /* validation-only call */

    pkey->ameth = ameth;
    pkey->type = ameth->pkey_id;
    return 1;
}
/* EVP_PKEY_set_type switches |pkey| to key type |type|, releasing any key
 * material it currently holds. With |pkey| == NULL it only checks that
 * |type| has a registered ASN.1 method.
 *
 * Returns 1 on success, or 0 with EVP_R_UNSUPPORTED_ALGORITHM (plus the
 * offending NID and short name as error data) when |type| is unknown. The
 * existing key is released before the lookup, so a failed call leaves
 * |pkey| without key material; whether free_it also resets ameth/type is
 * not visible here. */
int EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
{
    const EVP_PKEY_ASN1_METHOD *ameth;

    /* Drop whatever key is attached before changing its type. */
    if (pkey != NULL && pkey->pkey.ptr != NULL)
        free_it(pkey);

    ameth = EVP_PKEY_asn1_find(NULL, type);
    if (ameth == NULL) {
        OPENSSL_PUT_ERROR(EVP, EVP_PKEY_set_type, EVP_R_UNSUPPORTED_ALGORITHM);
        /* NOTE(review): OBJ_nid2sn may yield NULL for an unregistered NID;
         * whether ERR_add_error_dataf tolerates a NULL %s is not visible
         * here. */
        ERR_add_error_dataf("algorithm %d (%s)", type, OBJ_nid2sn(type));
        return 0;
    }

    if (pkey == NULL)
        return 1; /* validation-only call */

    pkey->ameth = ameth;
    pkey->type = ameth->pkey_id;
    return 1;
}
/*
 * Populate |siginf| from a signature AlgorithmIdentifier |alg| and the
 * signature value |sig|.
 *
 * Fields start out as "unknown" (NID_undef, secbits -1, flags 0) and
 * X509_SIG_INFO_VALID is set only when the algorithm could be classified:
 * either the OID splits into a digest and key-type NID, or (for OIDs with
 * no separate digest) the key's ASN.1 method fills the info via its
 * siginf_set hook. X509_SIG_INFO_TLS marks the digests this code treats as
 * usable in TLS (SHA-1, SHA-256, SHA-384, SHA-512).
 */
static void x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
                               const ASN1_STRING *sig)
{
    const EVP_PKEY_ASN1_METHOD *ameth;
    const EVP_MD *md;
    int pknid, mdnid;

    /* Nothing known yet. */
    siginf->mdnid = NID_undef;
    siginf->pknid = NID_undef;
    siginf->secbits = -1;
    siginf->flags = 0;

    /* Split the signature OID into (digest, key type); bail out if the OID
     * is unknown or carries no key type. */
    if (!OBJ_find_sigid_algs(OBJ_obj2nid(alg->algorithm), &mdnid, &pknid))
        return;
    if (pknid == NID_undef)
        return;
    siginf->pknid = pknid;

    if (mdnid == NID_undef) {
        /* No separate digest: let the key method describe the signature,
         * and only trust the result if the hook reports success. */
        ameth = EVP_PKEY_asn1_find(NULL, pknid);
        if (ameth != NULL && ameth->siginf_set != NULL
            && ameth->siginf_set(siginf, alg, sig) != 0)
            siginf->flags |= X509_SIG_INFO_VALID;
        return;
    }

    siginf->flags |= X509_SIG_INFO_VALID;
    siginf->mdnid = mdnid;

    md = EVP_get_digestbynid(mdnid);
    if (md == NULL)
        return; /* digest NID known but no implementation: strength stays -1 */

    /* Security bits: half the digest length in bits (the generic
     * collision bound). NOTE(review): this is purely size-based and does
     * not discount digests with practical collision attacks such as SHA-1;
     * callers enforcing a security level should not rely on it alone. */
    siginf->secbits = EVP_MD_size(md) * 4;

    if (mdnid == NID_sha1 || mdnid == NID_sha256
        || mdnid == NID_sha384 || mdnid == NID_sha512)
        siginf->flags |= X509_SIG_INFO_TLS;
}
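/*
 * ASN1_item_verify checks |signature| over the DER encoding of |asn| (encoded
 * according to |it|) with public key |pkey| and signature AlgorithmIdentifier
 * |a|.
 *
 * Returns 1 if the signature verifies, 0 if verification (or an EVP-level
 * step) fails, and -1 on a usage error: unknown signature algorithm, a
 * digest that is not available, a key whose type does not match the
 * algorithm, a failed re-encoding, or a NULL |pkey|. Only a positive result
 * means "verified".
 *
 * Fixes:
 *  - The NULL-|pkey| path returned 1, i.e. reported a successful
 *    verification with no key at all, while every other parameter error
 *    returns -1. It now returns -1.
 *  - |buf_in| was leaked when EVP_DigestVerifyUpdate failed (the cleanse/free
 *    sat after that check). It is now released on every exit path.
 *  - pkey->ameth is NULL-checked before its pkey_id is compared, matching
 *    the check already done on the item_verify path.
 */
int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
                     ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
{
    EVP_MD_CTX ctx;
    unsigned char *buf_in = NULL;
    int ret = -1, inl = 0;
    const EVP_PKEY_ASN1_METHOD *ameth;
    int mdnid, pknid;

    if (pkey == NULL) {
        OPENSSL_PUT_ERROR(X509, ASN1_item_verify, ERR_R_PASSED_NULL_PARAMETER);
        return -1; /* no key can never mean "verified" */
    }

    EVP_MD_CTX_init(&ctx);

    /* Convert signature OID into digest and public key OIDs */
    if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) {
        OPENSSL_PUT_ERROR(X509, ASN1_item_verify, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
        goto err;
    }

    if (mdnid == NID_undef) {
        /* No separate digest: the key's ASN.1 method must drive the
         * verification itself through item_verify. */
        if (pkey->ameth == NULL || pkey->ameth->item_verify == NULL) {
            OPENSSL_PUT_ERROR(X509, ASN1_item_verify, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
            goto err;
        }
        ret = pkey->ameth->item_verify(&ctx, it, asn, a, signature, pkey);
        /* Return value of 2 means carry on, anything else means we
         * exit straight away: either a fatal error of the underlying
         * verification routine handles all verification. */
        if (ret != 2)
            goto err;
        ret = -1;
    } else {
        const EVP_MD *type = EVP_get_digestbynid(mdnid);
        if (type == NULL) {
            OPENSSL_PUT_ERROR(X509, ASN1_item_verify, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
            goto err;
        }
        /* Check public key OID matches public key type: a signature must
         * not be checked with a key of a different algorithm family. */
        ameth = EVP_PKEY_asn1_find(NULL, pknid);
        if (ameth == NULL || pkey->ameth == NULL
            || ameth->pkey_id != pkey->ameth->pkey_id) {
            OPENSSL_PUT_ERROR(X509, ASN1_item_verify, ASN1_R_WRONG_PUBLIC_KEY_TYPE);
            goto err;
        }
        if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) {
            OPENSSL_PUT_ERROR(X509, ASN1_item_verify, ERR_R_EVP_LIB);
            ret = 0;
            goto err;
        }
    }

    /* Re-encode the structure: this DER is the data that was signed. */
    inl = ASN1_item_i2d(asn, &buf_in, it);
    if (buf_in == NULL) {
        OPENSSL_PUT_ERROR(X509, ASN1_item_verify, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    if (!EVP_DigestVerifyUpdate(&ctx, buf_in, inl)) {
        OPENSSL_PUT_ERROR(X509, ASN1_item_verify, ERR_R_EVP_LIB);
        ret = 0;
        goto err;
    }

    /* NOTE(review): |signature| is consumed as raw bytes; a BIT STRING
     * with a non-zero unused-bits count is not rejected here. */
    if (EVP_DigestVerifyFinal(&ctx, signature->data,
                              (size_t)signature->length) <= 0) {
        OPENSSL_PUT_ERROR(X509, ASN1_item_verify, ERR_R_EVP_LIB);
        ret = 0;
        goto err;
    }

    /* we don't need to zero the 'ctx' because we just checked
     * public information */
    ret = 1;

err:
    /* |inl| is only meaningful when |buf_in| was allocated. */
    if (buf_in != NULL) {
        OPENSSL_cleanse(buf_in, (unsigned int)inl);
        OPENSSL_free(buf_in);
    }
    EVP_MD_CTX_cleanup(&ctx);
    return ret;
}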