diff options
Diffstat (limited to 'src/openssl/signatures.c')
-rw-r--r-- | src/openssl/signatures.c | 1905 |
1 files changed, 689 insertions, 1216 deletions
diff --git a/src/openssl/signatures.c b/src/openssl/signatures.c index 7e3dbc7d..5cb6f7b8 100644 --- a/src/openssl/signatures.c +++ b/src/openssl/signatures.c @@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -22,92 +22,145 @@ #include <xmlsec/openssl/crypto.h> #include <xmlsec/openssl/evp.h> +/* new API from OpenSSL 1.1.0 (https://www.openssl.org/docs/manmaster/crypto/EVP_DigestInit.html): + * + * EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were renamed to EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1. + */ +#if !defined(XMLSEC_OPENSSL_110) +#define EVP_MD_CTX_new() EVP_MD_CTX_create() +#define EVP_MD_CTX_free(x) EVP_MD_CTX_destroy((x)) +#define EVP_MD_CTX_md_data(x) ((x)->md_data) + #ifndef XMLSEC_NO_DSA +/* we expect the r/s to be NOT NULL */ +static void ECDSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, ECDSA_SIG *sig) { + if (pr != NULL) { + if(sig->r == NULL) { + sig->r = BN_new(); + } + *pr = sig->r; + } + if (ps != NULL) { + if(sig->s == NULL) { + sig->s = BN_new(); + } + *ps = sig->s; + } +} +#endif /* XMLSEC_NO_ECDSA */ -#define XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE (20 * 2) +#endif /* !defined(XMLSEC_OPENSSL_110) */ -#ifndef XMLSEC_NO_SHA1 -static const EVP_MD *xmlSecOpenSSLDsaSha1Evp (void); -#endif /* XMLSEC_NO_SHA1 */ +/* Preparation for OpenSSL 1.1.0 compatibility: we expect the r/s to be NOT NULL */ +#ifndef XMLSEC_NO_DSA +static void DSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, DSA_SIG *sig) { + if (pr != NULL) { + if(sig->r == NULL) { + sig->r = BN_new(); + } + *pr = sig->r; + } + if (ps != NULL) { + if(sig->s == NULL) { + sig->s = BN_new(); + } + *ps = sig->s; + } +} +#endif /* XMLSEC_NO_DSA */ -#ifndef XMLSEC_NO_SHA256 -#ifdef XMLSEC_OPENSSL_100 -static const EVP_MD *xmlSecOpenSSLDsaSha256Evp (void); -#endif /* XMLSEC_OPENSSL_100 */ -#endif /* XMLSEC_NO_SHA256 */ -#endif /* XMLSEC_NO_DSA */ -#ifndef XMLSEC_NO_ECDSA -#define XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE ((512 / 8) * 2) +/************************************************************************** + * + * Internal OpenSSL signatures ctx: forward declarations + * + *****************************************************************************/ +typedef struct _xmlSecOpenSSLSignatureCtx xmlSecOpenSSLSignatureCtx, + *xmlSecOpenSSLSignatureCtxPtr; -#ifndef XMLSEC_NO_SHA1 -static const EVP_MD *xmlSecOpenSSLEcdsaSha1Evp (void); -#endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_DSA -#ifndef XMLSEC_NO_SHA224 -static const EVP_MD *xmlSecOpenSSLEcdsaSha224Evp (void); -#endif /* XMLSEC_NO_SHA224 */ +static int xmlSecOpenSSLSignatureDsaSign (xmlSecOpenSSLSignatureCtxPtr ctx, + xmlSecBufferPtr out); +static int xmlSecOpenSSLSignatureDsaVerify (xmlSecOpenSSLSignatureCtxPtr ctx, + const xmlSecByte* signData, + xmlSecSize signSize); +#endif /* XMLSEC_NO_DSA */ -#ifndef XMLSEC_NO_SHA256 -static const EVP_MD *xmlSecOpenSSLEcdsaSha256Evp (void); -#endif /* XMLSEC_NO_SHA256 */ +#ifndef XMLSEC_NO_ECDSA -#ifndef XMLSEC_NO_SHA384 -static const EVP_MD *xmlSecOpenSSLEcdsaSha384Evp (void); -#endif /* XMLSEC_NO_SHA384 */ +static int xmlSecOpenSSLSignatureEcdsaSign (xmlSecOpenSSLSignatureCtxPtr ctx, + xmlSecBufferPtr out); +static int xmlSecOpenSSLSignatureEcdsaVerify (xmlSecOpenSSLSignatureCtxPtr ctx, + const xmlSecByte* signData, + xmlSecSize signSize); -#ifndef XMLSEC_NO_SHA512 -static const EVP_MD *xmlSecOpenSSLEcdsaSha512Evp (void); -#endif /* XMLSEC_NO_SHA512 */ #endif /* XMLSEC_NO_ECDSA */ + + +/************************************************************************** + * + * Sign/verify callbacks + * + *****************************************************************************/ +typedef int (*xmlSecOpenSSLSignatureSignCallback) (xmlSecOpenSSLSignatureCtxPtr ctx, + xmlSecBufferPtr out); +typedef int (*xmlSecOpenSSLSignatureVerifyCallback) (xmlSecOpenSSLSignatureCtxPtr ctx, + const xmlSecByte* signData, + xmlSecSize signSize); + /************************************************************************** * - * Internal OpenSSL evp signatures ctx + * Internal OpenSSL signatures ctx * *****************************************************************************/ -typedef struct _xmlSecOpenSSLEvpSignatureCtx xmlSecOpenSSLEvpSignatureCtx, - *xmlSecOpenSSLEvpSignatureCtxPtr; -struct _xmlSecOpenSSLEvpSignatureCtx { - const EVP_MD* digest; - EVP_MD_CTX digestCtx; - xmlSecKeyDataId keyId; - EVP_PKEY* pKey; +struct _xmlSecOpenSSLSignatureCtx { + const EVP_MD* digest; + EVP_MD_CTX* digestCtx; + xmlSecKeyDataId keyId; + xmlSecOpenSSLSignatureSignCallback signCallback; + xmlSecOpenSSLSignatureVerifyCallback verifyCallback; + EVP_PKEY* pKey; + unsigned char dgst[EVP_MAX_MD_SIZE]; + unsigned int dgstSize; }; + + /****************************************************************************** * - * EVP Signature transforms + * Signature transforms * - * xmlSecOpenSSLEvpSignatureCtx is located after xmlSecTransform + * xmlSecOpenSSLSignatureCtx is located after xmlSecTransform * *****************************************************************************/ -#define xmlSecOpenSSLEvpSignatureSize \ - (sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLEvpSignatureCtx)) -#define xmlSecOpenSSLEvpSignatureGetCtx(transform) \ - ((xmlSecOpenSSLEvpSignatureCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) - -static int xmlSecOpenSSLEvpSignatureCheckId (xmlSecTransformPtr transform); -static int xmlSecOpenSSLEvpSignatureInitialize (xmlSecTransformPtr transform); -static void xmlSecOpenSSLEvpSignatureFinalize (xmlSecTransformPtr transform); -static int xmlSecOpenSSLEvpSignatureSetKeyReq (xmlSecTransformPtr transform, +#define xmlSecOpenSSLSignatureSize \ + (sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLSignatureCtx)) +#define xmlSecOpenSSLSignatureGetCtx(transform) \ + ((xmlSecOpenSSLSignatureCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) + +static int xmlSecOpenSSLSignatureCheckId (xmlSecTransformPtr transform); +static int xmlSecOpenSSLSignatureInitialize (xmlSecTransformPtr transform); +static void xmlSecOpenSSLSignatureFinalize (xmlSecTransformPtr transform); +static int xmlSecOpenSSLSignatureSetKeyReq (xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq); -static int xmlSecOpenSSLEvpSignatureSetKey (xmlSecTransformPtr transform, +static int xmlSecOpenSSLSignatureSetKey (xmlSecTransformPtr transform, xmlSecKeyPtr key); -static int xmlSecOpenSSLEvpSignatureVerify (xmlSecTransformPtr transform, +static int xmlSecOpenSSLSignatureVerify (xmlSecTransformPtr transform, const xmlSecByte* data, xmlSecSize dataSize, xmlSecTransformCtxPtr transformCtx); -static int xmlSecOpenSSLEvpSignatureExecute (xmlSecTransformPtr transform, +static int xmlSecOpenSSLSignatureExecute (xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx); static int -xmlSecOpenSSLEvpSignatureCheckId(xmlSecTransformPtr transform) { +xmlSecOpenSSLSignatureCheckId(xmlSecTransformPtr transform) { #ifndef XMLSEC_NO_DSA #ifndef XMLSEC_NO_SHA1 @@ -158,58 +211,6 @@ xmlSecOpenSSLEvpSignatureCheckId(xmlSecTransformPtr transform) { #endif /* XMLSEC_NO_ECDSA */ -#ifndef XMLSEC_NO_RSA - -#ifndef XMLSEC_NO_MD5 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaMd5Id)) { - return(1); - } else -#endif /* XMLSEC_NO_MD5 */ - -#ifndef XMLSEC_NO_RIPEMD160 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaRipemd160Id)) { - return(1); - } else -#endif /* XMLSEC_NO_RIPEMD160 */ - -#ifndef XMLSEC_NO_SHA1 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha1Id)) { - return(1); - } else -#endif /* XMLSEC_NO_SHA1 */ - -#ifndef XMLSEC_NO_SHA224 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha224Id)) { - return(1); - } else -#endif /* XMLSEC_NO_SHA224 */ - -#ifndef XMLSEC_NO_SHA256 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha256Id)) { - return(1); - } else -#endif /* XMLSEC_NO_SHA256 */ - -#ifndef XMLSEC_NO_SHA384 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha384Id)) { - return(1); - } else -#endif /* XMLSEC_NO_SHA384 */ - -#ifndef XMLSEC_NO_SHA512 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha512Id)) { - return(1); - } else -#endif /* XMLSEC_NO_SHA512 */ - -#endif /* XMLSEC_NO_RSA */ - -#ifndef XMLSEC_NO_GOST - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformGost2001GostR3411_94Id)) { - return(1); - } else -#endif /* XMLSEC_NO_GOST*/ - { return(0); } @@ -218,33 +219,36 @@ xmlSecOpenSSLEvpSignatureCheckId(xmlSecTransformPtr transform) { } static int -xmlSecOpenSSLEvpSignatureInitialize(xmlSecTransformPtr transform) { - xmlSecOpenSSLEvpSignatureCtxPtr ctx; +xmlSecOpenSSLSignatureInitialize(xmlSecTransformPtr transform) { + xmlSecOpenSSLSignatureCtxPtr ctx; + int ret; - xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1); + xmlSecAssert2(xmlSecOpenSSLSignatureCheckId(transform), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLSignatureSize), -1); - ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform); + ctx = xmlSecOpenSSLSignatureGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); - memset(ctx, 0, sizeof(xmlSecOpenSSLEvpSignatureCtx)); + memset(ctx, 0, sizeof(xmlSecOpenSSLSignatureCtx)); #ifndef XMLSEC_NO_DSA #ifndef XMLSEC_NO_SHA1 if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformDsaSha1Id)) { - ctx->digest = xmlSecOpenSSLDsaSha1Evp(); - ctx->keyId = xmlSecOpenSSLKeyDataDsaId; + ctx->digest = EVP_sha1(); + ctx->keyId = xmlSecOpenSSLKeyDataDsaId; + ctx->signCallback = xmlSecOpenSSLSignatureDsaSign; + ctx->verifyCallback = xmlSecOpenSSLSignatureDsaVerify; } else #endif /* XMLSEC_NO_SHA1 */ #ifndef XMLSEC_NO_SHA256 -#ifdef XMLSEC_OPENSSL_100 if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformDsaSha256Id)) { - ctx->digest = xmlSecOpenSSLDsaSha256Evp(); - ctx->keyId = xmlSecOpenSSLKeyDataDsaId; + ctx->digest = EVP_sha256(); + ctx->keyId = xmlSecOpenSSLKeyDataDsaId; + ctx->signCallback = xmlSecOpenSSLSignatureDsaSign; + ctx->verifyCallback = xmlSecOpenSSLSignatureDsaVerify; } else -#endif /* XMLSEC_OPENSSL_100 */ #endif /* XMLSEC_NO_SHA256 */ #endif /* XMLSEC_NO_DSA */ @@ -253,157 +257,118 @@ xmlSecOpenSSLEvpSignatureInitialize(xmlSecTransformPtr transform) { #ifndef XMLSEC_NO_SHA1 if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha1Id)) { - ctx->digest = xmlSecOpenSSLEcdsaSha1Evp(); - ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId; + ctx->digest = EVP_sha1(); + ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId; + ctx->signCallback = xmlSecOpenSSLSignatureEcdsaSign; + ctx->verifyCallback = xmlSecOpenSSLSignatureEcdsaVerify; } else #endif /* XMLSEC_NO_SHA1 */ #ifndef XMLSEC_NO_SHA224 if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha224Id)) { - ctx->digest = xmlSecOpenSSLEcdsaSha224Evp(); - ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId; + ctx->digest = EVP_sha224(); + ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId; + ctx->signCallback = xmlSecOpenSSLSignatureEcdsaSign; + ctx->verifyCallback = xmlSecOpenSSLSignatureEcdsaVerify; } else #endif /* XMLSEC_NO_SHA224 */ #ifndef XMLSEC_NO_SHA256 if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha256Id)) { - ctx->digest = xmlSecOpenSSLEcdsaSha256Evp(); - ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId; + ctx->digest = EVP_sha256(); + ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId; + ctx->signCallback = xmlSecOpenSSLSignatureEcdsaSign; + ctx->verifyCallback = xmlSecOpenSSLSignatureEcdsaVerify; } else #endif /* XMLSEC_NO_SHA256 */ #ifndef XMLSEC_NO_SHA384 if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha384Id)) { - ctx->digest = xmlSecOpenSSLEcdsaSha384Evp(); - ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId; + ctx->digest = EVP_sha384(); + ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId; + ctx->signCallback = xmlSecOpenSSLSignatureEcdsaSign; + ctx->verifyCallback = xmlSecOpenSSLSignatureEcdsaVerify; } else #endif /* XMLSEC_NO_SHA384 */ #ifndef XMLSEC_NO_SHA512 if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha512Id)) { - ctx->digest = xmlSecOpenSSLEcdsaSha512Evp(); - ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId; + ctx->digest = EVP_sha512(); + ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId; + ctx->signCallback = xmlSecOpenSSLSignatureEcdsaSign; + ctx->verifyCallback = xmlSecOpenSSLSignatureEcdsaVerify; } else #endif /* XMLSEC_NO_SHA512 */ #endif /* XMLSEC_NO_ECDSA */ -#ifndef XMLSEC_NO_RSA - -#ifndef XMLSEC_NO_MD5 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaMd5Id)) { - ctx->digest = EVP_md5(); - ctx->keyId = xmlSecOpenSSLKeyDataRsaId; - } else -#endif /* XMLSEC_NO_MD5 */ - -#ifndef XMLSEC_NO_RIPEMD160 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaRipemd160Id)) { - ctx->digest = EVP_ripemd160(); - ctx->keyId = xmlSecOpenSSLKeyDataRsaId; - } else -#endif /* XMLSEC_NO_RIPEMD160 */ - -#ifndef XMLSEC_NO_SHA1 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha1Id)) { - ctx->digest = EVP_sha1(); - ctx->keyId = xmlSecOpenSSLKeyDataRsaId; - } else -#endif /* XMLSEC_NO_SHA1 */ - -#ifndef XMLSEC_NO_SHA224 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha224Id)) { - ctx->digest = EVP_sha224(); - ctx->keyId = xmlSecOpenSSLKeyDataRsaId; - } else -#endif /* XMLSEC_NO_SHA224 */ - -#ifndef XMLSEC_NO_SHA256 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha256Id)) { - ctx->digest = EVP_sha256(); - ctx->keyId = xmlSecOpenSSLKeyDataRsaId; - } else -#endif /* XMLSEC_NO_SHA256 */ - -#ifndef XMLSEC_NO_SHA384 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha384Id)) { - ctx->digest = EVP_sha384(); - ctx->keyId = xmlSecOpenSSLKeyDataRsaId; - } else -#endif /* XMLSEC_NO_SHA384 */ - -#ifndef XMLSEC_NO_SHA512 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha512Id)) { - ctx->digest = EVP_sha512(); - ctx->keyId = xmlSecOpenSSLKeyDataRsaId; - } else -#endif /* XMLSEC_NO_SHA512 */ - -#endif /* XMLSEC_NO_RSA */ - -#ifndef XMLSEC_NO_GOST - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformGost2001GostR3411_94Id)) { - ctx->keyId = xmlSecOpenSSLKeyDataGost2001Id; - ctx->digest = EVP_get_digestbyname("md_gost94"); - if (!ctx->digest) - { + if(1) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), NULL, XMLSEC_ERRORS_R_INVALID_TRANSFORM, XMLSEC_ERRORS_NO_MESSAGE); return(-1); - } - } else -#endif /* XMLSEC_NO_GOST*/ + } - if(1) { + /* create/init digest CTX */ + ctx->digestCtx = EVP_MD_CTX_new(); + if(ctx->digestCtx == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, + "EVP_MD_CTX_new", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + ret = EVP_DigestInit(ctx->digestCtx, ctx->digest); + if(ret != 1) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "EVP_DigestInit", + XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } -#ifndef XMLSEC_OPENSSL_096 - EVP_MD_CTX_init(&(ctx->digestCtx)); -#endif /* XMLSEC_OPENSSL_096 */ + /* done */ return(0); } static void -xmlSecOpenSSLEvpSignatureFinalize(xmlSecTransformPtr transform) { - xmlSecOpenSSLEvpSignatureCtxPtr ctx; +xmlSecOpenSSLSignatureFinalize(xmlSecTransformPtr transform) { + xmlSecOpenSSLSignatureCtxPtr ctx; - xmlSecAssert(xmlSecOpenSSLEvpSignatureCheckId(transform)); - xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize)); + xmlSecAssert(xmlSecOpenSSLSignatureCheckId(transform)); + xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLSignatureSize)); - ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform); + ctx = xmlSecOpenSSLSignatureGetCtx(transform); xmlSecAssert(ctx != NULL); if(ctx->pKey != NULL) { EVP_PKEY_free(ctx->pKey); } -#ifndef XMLSEC_OPENSSL_096 - EVP_MD_CTX_cleanup(&(ctx->digestCtx)); -#endif /* XMLSEC_OPENSSL_096 */ - memset(ctx, 0, sizeof(xmlSecOpenSSLEvpSignatureCtx)); + if(ctx->digestCtx != NULL) { + EVP_MD_CTX_free(ctx->digestCtx); + } + + memset(ctx, 0, sizeof(xmlSecOpenSSLSignatureCtx)); } static int -xmlSecOpenSSLEvpSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { - xmlSecOpenSSLEvpSignatureCtxPtr ctx; +xmlSecOpenSSLSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { + xmlSecOpenSSLSignatureCtxPtr ctx; xmlSecKeyDataPtr value; EVP_PKEY* pKey; - xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1); + xmlSecAssert2(xmlSecOpenSSLSignatureCheckId(transform), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLSignatureSize), -1); xmlSecAssert2(key != NULL, -1); - ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform); + ctx = xmlSecOpenSSLSignatureGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(ctx->digest != NULL, -1); xmlSecAssert2(ctx->keyId != NULL, -1); @@ -440,15 +405,15 @@ xmlSecOpenSSLEvpSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) } static int -xmlSecOpenSSLEvpSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { - xmlSecOpenSSLEvpSignatureCtxPtr ctx; +xmlSecOpenSSLSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { + xmlSecOpenSSLSignatureCtxPtr ctx; - xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1); + xmlSecAssert2(xmlSecOpenSSLSignatureCheckId(transform), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLSignatureSize), -1); xmlSecAssert2(keyReq != NULL, -1); - ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform); + ctx = xmlSecOpenSSLSignatureGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(ctx->keyId != NULL, -1); @@ -465,136 +430,95 @@ xmlSecOpenSSLEvpSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPt static int -xmlSecOpenSSLEvpSignatureVerify(xmlSecTransformPtr transform, +xmlSecOpenSSLSignatureVerify(xmlSecTransformPtr transform, const xmlSecByte* data, xmlSecSize dataSize, xmlSecTransformCtxPtr transformCtx) { - xmlSecOpenSSLEvpSignatureCtxPtr ctx; + xmlSecOpenSSLSignatureCtxPtr ctx; int ret; - xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1); + xmlSecAssert2(xmlSecOpenSSLSignatureCheckId(transform), -1); xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLSignatureSize), -1); xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1); xmlSecAssert2(data != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); - ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform); + ctx = xmlSecOpenSSLSignatureGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->verifyCallback != NULL, -1); + xmlSecAssert2(ctx->dgstSize > 0, -1); - ret = EVP_VerifyFinal(&(ctx->digestCtx), (xmlSecByte*)data, dataSize, ctx->pKey); + ret = (ctx->verifyCallback)(ctx, data, dataSize); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_VerifyFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, + "verifyCallback", + XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); - } else if(ret != 1) { + } + + /* check signature results */ + if(ret == 1) { + transform->status = xmlSecTransformStatusOk; + } else { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_VerifyFinal", + "verifyCallback", XMLSEC_ERRORS_R_DATA_NOT_MATCH, "signature do not match"); transform->status = xmlSecTransformStatusFail; - return(0); } - transform->status = xmlSecTransformStatusOk; + /* done */ return(0); } static int -xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { - xmlSecOpenSSLEvpSignatureCtxPtr ctx; +xmlSecOpenSSLSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { + xmlSecOpenSSLSignatureCtxPtr ctx; xmlSecBufferPtr in, out; xmlSecSize inSize; xmlSecSize outSize; int ret; - xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1); + xmlSecAssert2(xmlSecOpenSSLSignatureCheckId(transform), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLSignatureSize), -1); xmlSecAssert2(transformCtx != NULL, -1); - ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform); + ctx = xmlSecOpenSSLSignatureGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->signCallback != NULL, -1); + xmlSecAssert2(ctx->verifyCallback != NULL, -1); in = &(transform->inBuf); out = &(transform->outBuf); inSize = xmlSecBufferGetSize(in); outSize = xmlSecBufferGetSize(out); - ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform); + ctx = xmlSecOpenSSLSignatureGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(ctx->digest != NULL, -1); + xmlSecAssert2(ctx->digestCtx != NULL, -1); xmlSecAssert2(ctx->pKey != NULL, -1); if(transform->status == xmlSecTransformStatusNone) { xmlSecAssert2(outSize == 0, -1); - - if(transform->operation == xmlSecTransformOperationSign) { -#ifndef XMLSEC_OPENSSL_096 - ret = EVP_SignInit(&(ctx->digestCtx), ctx->digest); - if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_SignInit", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } -#else /* XMLSEC_OPENSSL_096 */ - EVP_SignInit(&(ctx->digestCtx), ctx->digest); -#endif /* XMLSEC_OPENSSL_096 */ - } else { -#ifndef XMLSEC_OPENSSL_096 - ret = EVP_VerifyInit(&(ctx->digestCtx), ctx->digest); - if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_VerifyInit", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } -#else /* XMLSEC_OPENSSL_096 */ - EVP_VerifyInit(&(ctx->digestCtx), ctx->digest); -#endif /* XMLSEC_OPENSSL_096 */ - } transform->status = xmlSecTransformStatusWorking; } if((transform->status == xmlSecTransformStatusWorking) && (inSize > 0)) { xmlSecAssert2(outSize == 0, -1); - if(transform->operation == xmlSecTransformOperationSign) { -#ifndef XMLSEC_OPENSSL_096 - ret = EVP_SignUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize); - if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_SignUpdate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } -#else /* XMLSEC_OPENSSL_096 */ - EVP_SignUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize); -#endif /* XMLSEC_OPENSSL_096 */ - } else { -#ifndef XMLSEC_OPENSSL_096 - ret = EVP_VerifyUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize); - if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_VerifyUpdate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } -#else /* XMLSEC_OPENSSL_096 */ - EVP_VerifyUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize); -#endif /* XMLSEC_OPENSSL_096 */ + ret = EVP_DigestUpdate(ctx->digestCtx, xmlSecBufferGetData(in), inSize); + if(ret != 1) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "EVP_DigestUpdate", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); @@ -610,54 +534,32 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) { xmlSecAssert2(outSize == 0, -1); - if(transform->operation == xmlSecTransformOperationSign) { - unsigned int signSize; - /* this is a hack: for rsa signatures - * we get size from EVP_PKEY_size(), - * for dsa signature we use a fixed constant */ - signSize = EVP_PKEY_size(ctx->pKey); -#ifndef XMLSEC_NO_DSA - if(signSize < XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE) { - signSize = XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE; - } -#endif /* XMLSEC_NO_DSA */ -#ifndef XMLSEC_NO_ECDSA - if(signSize < XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE) { - signSize = XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE; - } -#endif /* XMLSEC_NO_ECDSA */ + ret = EVP_DigestFinal(ctx->digestCtx, ctx->dgst, &ctx->dgstSize); + if(ret != 1) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "EVP_DigestFinal", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + xmlSecAssert2(ctx->dgstSize > 0, -1); - ret = xmlSecBufferSetMaxSize(out, signSize); + /* sign right away, verify will wait till separate call */ + if(transform->operation == xmlSecTransformOperationSign) { + ret = (ctx->signCallback)(ctx, out); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetMaxSize", + "signCallback", XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%u", signSize); - return(-1); - } - - ret = EVP_SignFinal(&(ctx->digestCtx), xmlSecBufferGetData(out), &signSize, ctx->pKey); - if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_SignFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } - - ret = xmlSecBufferSetSize(out, signSize); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%u", signSize); - return(-1); - } } + + /* done! */ transform->status = xmlSecTransformStatusFinished; } @@ -677,6 +579,7 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT } #ifndef XMLSEC_NO_DSA + /**************************************************************************** * * DSA EVP @@ -704,81 +607,257 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT * ***************************************************************************/ static int -xmlSecOpenSSLDsaEvpSign(int type ATTRIBUTE_UNUSED, - const unsigned char *dgst, unsigned int dlen, - unsigned char *sig, unsigned int *siglen, void *dsa) { - DSA_SIG *s; - int rSize, sSize; - - s = DSA_do_sign(dgst, dlen, dsa); - if(s == NULL) { - *siglen=0; - return(0); +xmlSecOpenSSLSignatureDsaSign(xmlSecOpenSSLSignatureCtxPtr ctx, xmlSecBufferPtr out) { + DSA * dsaKey = NULL; + DSA_SIG *sig = NULL; + BIGNUM *rr = NULL, *ss = NULL; + xmlSecByte *outData; + xmlSecSize dsaSignSize, signHalfSize, rSize, sSize; + int res = -1; + int ret; + + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->pKey != NULL, -1); + xmlSecAssert2(ctx->dgstSize > 0, -1); + xmlSecAssert2(ctx->dgstSize <= sizeof(ctx->dgst), -1); + xmlSecAssert2(out != NULL, -1); + + /* get key */ + dsaKey = EVP_PKEY_get1_DSA(ctx->pKey); + if(dsaKey == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "EVP_PKEY_get1_DSA", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; } - rSize = BN_num_bytes(s->r); - sSize = BN_num_bytes(s->s); - if((rSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2)) || - (sSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2))) { + /* signature size = r + s + 8 bytes, we just need r+s */ + dsaSignSize = DSA_size(dsaKey); + if(dsaSignSize < 8) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, + "DSA_size", + XMLSEC_ERRORS_R_INVALID_SIZE, + "dsaSignSize=%d", (int)dsaSignSize); + goto done; + } + + signHalfSize = (dsaSignSize - 8) / 2; + if(signHalfSize < 4) { + xmlSecError(XMLSEC_ERRORS_HERE, NULL, + "signHalfSize", XMLSEC_ERRORS_R_INVALID_SIZE, - "size(r)=%d or size(s)=%d > %d", - rSize, sSize, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2); - DSA_SIG_free(s); - return(0); + "signHalfSize=%d", (int)signHalfSize); + goto done; } - memset(sig, 0, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE); - BN_bn2bin(s->r, sig + (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2) - rSize); - BN_bn2bin(s->s, sig + XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE - sSize); - *siglen = XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE; + /* calculate signature */ + sig = DSA_do_sign(ctx->dgst, ctx->dgstSize, dsaKey); + if(sig == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "DSA_do_sign", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } - DSA_SIG_free(s); - return(1); + /* get signature components */ + DSA_SIG_get0(&rr, &ss, sig); + if((rr == NULL) || (ss == NULL)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "DSA_SIG_get0", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + rSize = BN_num_bytes(rr); + if(rSize > signHalfSize) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + NULL, + XMLSEC_ERRORS_R_INVALID_SIZE, + "rSize=%d > %d", + rSize, signHalfSize); + goto done; + } + sSize = BN_num_bytes(ss); + if(sSize > signHalfSize) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + NULL, + XMLSEC_ERRORS_R_INVALID_SIZE, + "sSize=%d > %d", + sSize, signHalfSize); + goto done; + } + + /* allocate buffer */ + ret = xmlSecBufferSetSize(out, 2 * signHalfSize); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBufferSetSize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "size=%d", (int)(2 * signHalfSize)); + goto done; + } + outData = xmlSecBufferGetData(out); + xmlSecAssert2(outData != NULL, -1); + + /* write components */ + xmlSecAssert2((rSize + sSize) <= 2 * signHalfSize, -1); + memset(outData, 0, 2 * signHalfSize); + BN_bn2bin(rr, outData + signHalfSize - rSize); + BN_bn2bin(ss, outData + 2 * signHalfSize - sSize); + + /* success */ + res = 0; + +done: + /* cleanup */ + if(sig != NULL) { + DSA_SIG_free(sig); + } + if(dsaKey != NULL) { + DSA_free(dsaKey); + } + + /* done */ + return(res); } static int -xmlSecOpenSSLDsaEvpVerify(int type ATTRIBUTE_UNUSED, - const unsigned char *dgst, unsigned int dgst_len, - const unsigned char *sigbuf, unsigned int siglen, - void *dsa) { - DSA_SIG *s; - int ret = -1; +xmlSecOpenSSLSignatureDsaVerify(xmlSecOpenSSLSignatureCtxPtr ctx, const xmlSecByte* signData, xmlSecSize signSize) { + DSA * dsaKey = NULL; + DSA_SIG *sig = NULL; + BIGNUM *rr = NULL, *ss = NULL; + xmlSecSize dsaSignSize, signHalfSize; + int res = -1; + int ret; - s = DSA_SIG_new(); - if (s == NULL) { - return(ret); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->pKey != NULL, -1); + xmlSecAssert2(ctx->dgstSize > 0, -1); + xmlSecAssert2(signData != NULL, -1); + + /* get key */ + dsaKey = EVP_PKEY_get1_DSA(ctx->pKey); + if(dsaKey == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "EVP_PKEY_get1_DSA", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + + /* signature size = r + s + 8 bytes, we just need r+s */ + dsaSignSize = DSA_size(dsaKey); + if(dsaSignSize < 8) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "DSA_size", + XMLSEC_ERRORS_R_INVALID_SIZE, + "dsaSignSize=%d", (int)dsaSignSize); + goto done; + } + + signHalfSize = (dsaSignSize - 8) / 2; + if(signHalfSize < 4) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "signHalfSize", + XMLSEC_ERRORS_R_INVALID_SIZE, + "signHalfSize=%d", (int)signHalfSize); + goto done; } - if(siglen != XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE) { + /* check size */ + if(signSize != 2 * signHalfSize) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_SIZE, "invalid length %d (%d expected)", - siglen, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE); + (int)signSize, (int)(2 * signHalfSize)); goto done; } - s->r = BN_bin2bn(sigbuf, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2, NULL); - s->s = BN_bin2bn(sigbuf + (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2), - XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2, NULL); - if((s->r == NULL) || (s->s == NULL)) { + /* create/read signature */ + sig = DSA_SIG_new(); + if (sig == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, - "BN_bin2bn", + "DSA_SIG_new", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } - ret = DSA_do_verify(dgst, dgst_len, s, dsa); + /* get signature components */ + DSA_SIG_get0(&rr, &ss, sig); + if((rr == NULL) || (ss == NULL)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "DSA_SIG_get0", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + + rr = BN_bin2bn(signData, signHalfSize, rr); + if(rr == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "BN_bin2bn(sig->r)", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + ss = BN_bin2bn(signData + signHalfSize, signHalfSize, ss); + if(ss == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "BN_bin2bn(sig->s)", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + + /* verify signature */ + ret = DSA_do_verify(ctx->dgst, ctx->dgstSize, sig, dsaKey); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "DSA_do_verify", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + + /* return 1 for good signatures and 0 for bad */ + if(ret > 0) { + res = 1; + } else if(ret == 0) { + res = 0; + } done: - DSA_SIG_free(s); - return(ret); + /* cleanup */ + if(sig != NULL) { + DSA_SIG_free(sig); + } + if(dsaKey != NULL) { + DSA_free(dsaKey); + } + + /* done */ + return(res); } #ifndef XMLSEC_NO_SHA1 @@ -791,25 +870,25 @@ done: static xmlSecTransformKlass xmlSecOpenSSLDsaSha1Klass = { /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ + xmlSecOpenSSLSignatureSize, /* xmlSecSize objSize */ xmlSecNameDsaSha1, /* const xmlChar* name; */ xmlSecHrefDsaSha1, /* const xmlChar* href; */ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + xmlSecOpenSSLSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ NULL, /* xmlSecTransformNodeReadMethod readNode; */ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecOpenSSLSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecOpenSSLSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + xmlSecOpenSSLSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ NULL, /* void* reserved0; */ NULL, /* void* reserved1; */ @@ -827,57 +906,6 @@ xmlSecOpenSSLTransformDsaSha1GetKlass(void) { return(&xmlSecOpenSSLDsaSha1Klass); } -#ifndef XMLSEC_OPENSSL_096 -static int -xmlSecOpenSSLDsaSha1EvpInit(EVP_MD_CTX *ctx) -{ - return SHA1_Init(ctx->md_data); -} - -static int -xmlSecOpenSSLDsaSha1EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA1_Update(ctx->md_data,data,count); -} - -static int -xmlSecOpenSSLDsaSha1EvpFinal(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA1_Final(md,ctx->md_data); -} -#endif /* XMLSEC_OPENSSL_096 */ - -static const EVP_MD xmlSecOpenSSLDsaSha1MdEvp = { - NID_dsaWithSHA, - NID_dsaWithSHA, - SHA_DIGEST_LENGTH, -#ifndef XMLSEC_OPENSSL_096 - 0, - xmlSecOpenSSLDsaSha1EvpInit, - xmlSecOpenSSLDsaSha1EvpUpdate, - xmlSecOpenSSLDsaSha1EvpFinal, - NULL, - NULL, -#else /* XMLSEC_OPENSSL_096 */ - SHA1_Init, - SHA1_Update, - SHA1_Final, -#endif /* XMLSEC_OPENSSL_096 */ - xmlSecOpenSSLDsaEvpSign, - xmlSecOpenSSLDsaEvpVerify, - {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,EVP_PKEY_DSA4,0}, - SHA_CBLOCK, - sizeof(EVP_MD *)+sizeof(SHA_CTX) -#ifdef XMLSEC_OPENSSL_100 - , NULL -#endif /* XMLSEC_OPENSSL_100 */ -}; - -static const EVP_MD *xmlSecOpenSSLDsaSha1Evp(void) -{ - return(&xmlSecOpenSSLDsaSha1MdEvp); -} - #endif /* XMLSEC_NO_SHA1 */ #ifndef XMLSEC_NO_SHA256 @@ -890,25 +918,25 @@ static const EVP_MD *xmlSecOpenSSLDsaSha1Evp(void) static xmlSecTransformKlass xmlSecOpenSSLDsaSha256Klass = { /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ + xmlSecOpenSSLSignatureSize, /* xmlSecSize objSize */ xmlSecNameDsaSha256, /* const xmlChar* name; */ xmlSecHrefDsaSha256, /* const xmlChar* href; */ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + xmlSecOpenSSLSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ NULL, /* xmlSecTransformNodeReadMethod readNode; */ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecOpenSSLSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecOpenSSLSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + xmlSecOpenSSLSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ NULL, /* void* reserved0; */ NULL, /* void* reserved1; */ @@ -926,50 +954,6 @@ xmlSecOpenSSLTransformDsaSha256GetKlass(void) { return(&xmlSecOpenSSLDsaSha256Klass); } -#ifdef XMLSEC_OPENSSL_100 -static int -xmlSecOpenSSLDsaSha256EvpInit(EVP_MD_CTX *ctx) -{ - return SHA256_Init(ctx->md_data); -} - -static int -xmlSecOpenSSLDsaSha256EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA256_Update(ctx->md_data,data,count); -} - -static int -xmlSecOpenSSLDsaSha256EvpFinal(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA256_Final(md,ctx->md_data); -} - -static const EVP_MD xmlSecOpenSSLDsaSha256MdEvp = { - NID_dsa_with_SHA256, - NID_dsa_with_SHA256, - SHA256_DIGEST_LENGTH, - 0, - xmlSecOpenSSLDsaSha256EvpInit, - xmlSecOpenSSLDsaSha256EvpUpdate, - xmlSecOpenSSLDsaSha256EvpFinal, - NULL, - NULL, - xmlSecOpenSSLDsaEvpSign, - xmlSecOpenSSLDsaEvpVerify, - /* XXX-MAK: This worries me, not sure that the keys are right. */ - {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,EVP_PKEY_DSA4,0}, - SHA256_CBLOCK, - sizeof(EVP_MD *)+sizeof(SHA256_CTX), - NULL -}; - -static const EVP_MD *xmlSecOpenSSLDsaSha256Evp(void) -{ - return(&xmlSecOpenSSLDsaSha256MdEvp); -} -#endif /* XMLSEC_OPENSSL_100 */ - #endif /* XMLSEC_NO_SHA256 */ #endif /* XMLSEC_NO_DSA */ @@ -991,26 +975,18 @@ static const EVP_MD *xmlSecOpenSSLDsaSha256Evp(void) * octet-stream conversion MUST be done according to the I2OSP operation * defined in Section 4.1 of RFC 3447 [PKCS1] with the xLen parameter equal * to the size of the base point order of the curve in bytes (32 for the - * P-256 curve). + * P-256 curve and 66 for the P-521 curve). * ***************************************************************************/ -static int -xmlSecOpenSSLEcdsaEvpSign(int type ATTRIBUTE_UNUSED, - const unsigned char *dgst, unsigned int dlen, - unsigned char *sig, unsigned int *siglen, void *ecdsa) { - int rSize, sSize, xLen; +static xmlSecSize +xmlSecOpenSSLSignatureEcdsaSignatureHalfSize(EC_KEY * ecKey) { const EC_GROUP *group; BIGNUM *order = NULL; - ECDSA_SIG *s; - int ret = 0; + xmlSecSize signHalfSize = 0; - s = ECDSA_do_sign(dgst, dlen, ecdsa); - if(s == NULL) { - *siglen = 0; - return(ret); - } + xmlSecAssert2(ecKey != NULL, 0); - group = EC_KEY_get0_group(ecdsa); + group = EC_KEY_get0_group(ecKey); if(group == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, @@ -1039,129 +1015,256 @@ xmlSecOpenSSLEcdsaEvpSign(int type ATTRIBUTE_UNUSED, goto done; } - xLen = BN_num_bytes(order); - if(xLen > (XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE / 2)) { + /* result */ + signHalfSize = BN_num_bytes(order); + +done: + /* cleanup */ + if(order != NULL) { + BN_clear_free(order); + } + + /* done */ + return(signHalfSize); +} + + +static int +xmlSecOpenSSLSignatureEcdsaSign(xmlSecOpenSSLSignatureCtxPtr ctx, xmlSecBufferPtr out) { + EC_KEY * ecKey = NULL; + ECDSA_SIG *sig = NULL; + BIGNUM *rr = NULL, *ss = NULL; + xmlSecByte *outData; + xmlSecSize signHalfSize, rSize, sSize; + int res = -1; + int ret; + + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->pKey != NULL, -1); + xmlSecAssert2(ctx->dgstSize > 0, -1); + xmlSecAssert2(ctx->dgstSize <= sizeof(ctx->dgst), -1); + xmlSecAssert2(out != NULL, -1); + + /* get key */ + ecKey = EVP_PKEY_get1_EC_KEY(ctx->pKey); + if(ecKey == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "EVP_PKEY_get1_DSA", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + + /* calculate signature size */ + signHalfSize = xmlSecOpenSSLSignatureEcdsaSignatureHalfSize(ecKey); + if(signHalfSize <= 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecOpenSSLSignatureEcdsaSignatureHalfSize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + + /* sign */ + sig = ECDSA_do_sign(ctx->dgst, ctx->dgstSize, ecKey); + if(sig == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "ECDSA_do_sign", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + + /* get signature components */ + ECDSA_SIG_get0(&rr, &ss, sig); + if((rr == NULL) || (ss == NULL)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "ECDSA_SIG_get0", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + + /* check sizes */ + rSize = BN_num_bytes(rr); + if(rSize > signHalfSize) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_SIZE, - "xLen=%d > %d", - xLen, XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE / 2); + "rSize=%d > %d", + (int)rSize, (int)signHalfSize); goto done; } - rSize = BN_num_bytes(s->r); - sSize = BN_num_bytes(s->s); - if((rSize > xLen) || (sSize > xLen)) { + sSize = BN_num_bytes(ss); + if(sSize > signHalfSize) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_SIZE, - "size(r)=%d or size(s)=%d > %d", - rSize, sSize, xLen); + "sSize=%d > %d", + (int)sSize, (int)signHalfSize); + goto done; + } + + /* allocate buffer */ + ret = xmlSecBufferSetSize(out, 2 * signHalfSize); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBufferSetSize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "size=%d", (int)(2 * signHalfSize)); goto done; } + outData = xmlSecBufferGetData(out); + xmlSecAssert2(outData != NULL, -1); - memset(sig, 0, xLen * 2); - BN_bn2bin(s->r, sig + xLen - rSize); - BN_bn2bin(s->s, sig + (xLen * 2) - sSize); - *siglen = xLen * 2; + /* write components */ + xmlSecAssert2((rSize + sSize) <= 2 * signHalfSize, -1); + memset(outData, 0, 2 * signHalfSize); + BN_bn2bin(rr, outData + signHalfSize - rSize); + BN_bn2bin(ss, outData + 2 * signHalfSize - sSize); - ret = 1; + /* success */ + res = 0; done: - if(order != NULL) { - BN_clear_free(order); + /* cleanup */ + if(sig != NULL) { + ECDSA_SIG_free(sig); + } + if(ecKey != NULL) { + EC_KEY_free(ecKey); } - ECDSA_SIG_free(s); - return(ret); + + /* done */ + return(res); } static int -xmlSecOpenSSLEcdsaEvpVerify(int type ATTRIBUTE_UNUSED, - const unsigned char *dgst, unsigned int dgst_len, - const unsigned char *sigbuf, unsigned int siglen, - void *ecdsa) { - const EC_GROUP *group; - unsigned int xLen; - BIGNUM *order = NULL; - ECDSA_SIG *s; - int ret = -1; +xmlSecOpenSSLSignatureEcdsaVerify(xmlSecOpenSSLSignatureCtxPtr ctx, const xmlSecByte* signData, xmlSecSize signSize) { + EC_KEY * ecKey = NULL; + ECDSA_SIG *sig = NULL; + BIGNUM *rr = NULL, *ss = NULL; + xmlSecSize signHalfSize; + int res = -1; + int ret; - s = ECDSA_SIG_new(); - if (s == NULL) { - return(ret); - } + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->pKey != NULL, -1); + xmlSecAssert2(ctx->dgstSize > 0, -1); + xmlSecAssert2(ctx->dgstSize <= sizeof(ctx->dgst), -1); + xmlSecAssert2(signData != NULL, -1); - group = EC_KEY_get0_group(ecdsa); - if(group == NULL) { + /* get key */ + ecKey = EVP_PKEY_get1_EC_KEY(ctx->pKey); + if(ecKey == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, - "EC_KEY_get0_group", + "EVP_PKEY_get1_DSA", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } - order = BN_new(); - if(order == NULL) { + /* calculate signature size */ + signHalfSize = xmlSecOpenSSLSignatureEcdsaSignatureHalfSize(ecKey); + if(signHalfSize <= 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, - "BN_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, + "xmlSecOpenSSLSignatureEcdsaSignatureHalfSize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } - if(EC_GROUP_get_order(group, order, NULL) != 1) { + /* check size */ + if(signSize != 2 * signHalfSize) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, - "EC_GROUP_get_order", + NULL, + XMLSEC_ERRORS_R_INVALID_SIZE, + "invalid length %d (%d expected)", + (int)signSize, (int)(2 * signHalfSize)); + goto done; + } + + /* create/read signature */ + sig = ECDSA_SIG_new(); + if (sig == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "DSA_SIG_new", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } - xLen = BN_num_bytes(order); - if(xLen > (XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE / 2)) { + /* get signature components */ + ECDSA_SIG_get0(&rr, &ss, sig); + if((rr == NULL) || (ss == NULL)) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "xLen=%d > %d", - xLen, XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE / 2); + "ECDSA_SIG_get0", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); goto done; } - if(siglen != xLen * 2) { + rr = BN_bin2bn(signData, signHalfSize, rr); + if(rr == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, + "BN_bin2bn(sig->r)", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + ss = BN_bin2bn(signData + signHalfSize, signHalfSize, ss); + if(ss == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "invalid length %d (%d expected)", - siglen, xLen * 2); + "BN_bin2bn(sig->s)", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); goto done; } - s->r = BN_bin2bn(sigbuf, xLen, NULL); - s->s = BN_bin2bn(sigbuf + xLen, xLen, NULL); - if((s->r == NULL) || (s->s == NULL)) { + /* verify signature */ + ret = ECDSA_do_verify(ctx->dgst, ctx->dgstSize, sig, ecKey); + if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, - "BN_bin2bn", + "ECDSA_do_verify", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } - ret = ECDSA_do_verify(dgst, dgst_len, s, ecdsa); + /* return 1 for good signatures and 0 for bad */ + if(ret > 0) { + res = 1; + } else if(ret == 0) { + res = 0; + } done: - if(order != NULL) { - BN_clear_free(order); + /* cleanup */ + if(sig != NULL) { + ECDSA_SIG_free(sig); + } + if(ecKey != NULL) { + EC_KEY_free(ecKey); } - ECDSA_SIG_free(s); - return(ret); + + /* done */ + return(res); } #ifndef XMLSEC_NO_SHA1 @@ -1174,25 +1277,25 @@ done: static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha1Klass = { /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ + xmlSecOpenSSLSignatureSize, /* xmlSecSize objSize */ xmlSecNameEcdsaSha1, /* const xmlChar* name; */ xmlSecHrefEcdsaSha1, /* const xmlChar* href; */ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + xmlSecOpenSSLSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ NULL, /* xmlSecTransformNodeReadMethod readNode; */ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecOpenSSLSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecOpenSSLSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + xmlSecOpenSSLSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ NULL, /* void* reserved0; */ NULL, /* void* reserved1; */ @@ -1210,56 +1313,6 @@ xmlSecOpenSSLTransformEcdsaSha1GetKlass(void) { return(&xmlSecOpenSSLEcdsaSha1Klass); } -#ifndef XMLSEC_OPENSSL_096 -static int -xmlSecOpenSSLEcdsaSha1EvpInit(EVP_MD_CTX *ctx) -{ - return SHA1_Init(ctx->md_data); -} - -static int -xmlSecOpenSSLEcdsaSha1EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA1_Update(ctx->md_data,data,count); -} - -static int -xmlSecOpenSSLEcdsaSha1EvpFinal(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA1_Final(md,ctx->md_data); -} -#endif /* XMLSEC_OPENSSL_096 */ - -static const EVP_MD xmlSecOpenSSLEcdsaSha1MdEvp = { - NID_ecdsa_with_SHA1, - NID_ecdsa_with_SHA1, - SHA_DIGEST_LENGTH, -#ifndef XMLSEC_OPENSSL_096 - 0, - xmlSecOpenSSLEcdsaSha1EvpInit, - xmlSecOpenSSLEcdsaSha1EvpUpdate, - xmlSecOpenSSLEcdsaSha1EvpFinal, - NULL, - NULL, -#else /* XMLSEC_OPENSSL_096 */ - SHA1_Init, - SHA1_Update, - SHA1_Final, -#endif /* XMLSEC_OPENSSL_096 */ - xmlSecOpenSSLEcdsaEvpSign, - xmlSecOpenSSLEcdsaEvpVerify, - /* XXX-MAK: This worries me, not sure that the keys are right. */ - {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA1,0,0,0}, - SHA_CBLOCK, - sizeof(EVP_MD *)+sizeof(SHA_CTX), - NULL -}; - -static const EVP_MD *xmlSecOpenSSLEcdsaSha1Evp(void) -{ - return(&xmlSecOpenSSLEcdsaSha1MdEvp); -} - #endif /* XMLSEC_NO_SHA1 */ #ifndef XMLSEC_NO_SHA224 @@ -1272,25 +1325,25 @@ static const EVP_MD *xmlSecOpenSSLEcdsaSha1Evp(void) static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha224Klass = { /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ + xmlSecOpenSSLSignatureSize, /* xmlSecSize objSize */ xmlSecNameEcdsaSha224, /* const xmlChar* name; */ xmlSecHrefEcdsaSha224, /* const xmlChar* href; */ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + xmlSecOpenSSLSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ NULL, /* xmlSecTransformNodeReadMethod readNode; */ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecOpenSSLSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecOpenSSLSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + xmlSecOpenSSLSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ NULL, /* void* reserved0; */ NULL, /* void* reserved1; */ @@ -1308,56 +1361,6 @@ xmlSecOpenSSLTransformEcdsaSha224GetKlass(void) { return(&xmlSecOpenSSLEcdsaSha224Klass); } -#ifndef XMLSEC_OPENSSL_096 -static int -xmlSecOpenSSLEcdsaSha224EvpInit(EVP_MD_CTX *ctx) -{ - return SHA224_Init(ctx->md_data); -} - -static int -xmlSecOpenSSLEcdsaSha224EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA224_Update(ctx->md_data,data,count); -} - -static int -xmlSecOpenSSLEcdsaSha224EvpFinal(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA224_Final(md,ctx->md_data); -} -#endif /* XMLSEC_OPENSSL_096 */ - -static const EVP_MD xmlSecOpenSSLEcdsaSha224MdEvp = { - NID_ecdsa_with_SHA224, - NID_ecdsa_with_SHA224, - SHA224_DIGEST_LENGTH, -#ifndef XMLSEC_OPENSSL_096 - 0, - xmlSecOpenSSLEcdsaSha224EvpInit, - xmlSecOpenSSLEcdsaSha224EvpUpdate, - xmlSecOpenSSLEcdsaSha224EvpFinal, - NULL, - NULL, -#else /* XMLSEC_OPENSSL_096 */ - SHA224_Init, - SHA224_Update, - SHA224_Final, -#endif /* XMLSEC_OPENSSL_096 */ - xmlSecOpenSSLEcdsaEvpSign, - xmlSecOpenSSLEcdsaEvpVerify, - /* XXX-MAK: This worries me, not sure that the keys are right. */ - {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA224,0,0,0}, - SHA256_CBLOCK, - sizeof(EVP_MD *)+sizeof(SHA256_CTX), - NULL -}; - -static const EVP_MD *xmlSecOpenSSLEcdsaSha224Evp(void) -{ - return(&xmlSecOpenSSLEcdsaSha224MdEvp); -} - #endif /* XMLSEC_NO_SHA224 */ #ifndef XMLSEC_NO_SHA256 @@ -1370,25 +1373,25 @@ static const EVP_MD *xmlSecOpenSSLEcdsaSha224Evp(void) static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha256Klass = { /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ + xmlSecOpenSSLSignatureSize, /* xmlSecSize objSize */ xmlSecNameEcdsaSha256, /* const xmlChar* name; */ xmlSecHrefEcdsaSha256, /* const xmlChar* href; */ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + xmlSecOpenSSLSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ NULL, /* xmlSecTransformNodeReadMethod readNode; */ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecOpenSSLSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecOpenSSLSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + xmlSecOpenSSLSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ NULL, /* void* reserved0; */ NULL, /* void* reserved1; */ @@ -1406,56 +1409,6 @@ xmlSecOpenSSLTransformEcdsaSha256GetKlass(void) { return(&xmlSecOpenSSLEcdsaSha256Klass); } -#ifndef XMLSEC_OPENSSL_096 -static int -xmlSecOpenSSLEcdsaSha256EvpInit(EVP_MD_CTX *ctx) -{ - return SHA256_Init(ctx->md_data); -} - -static int -xmlSecOpenSSLEcdsaSha256EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA256_Update(ctx->md_data,data,count); -} - -static int -xmlSecOpenSSLEcdsaSha256EvpFinal(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA256_Final(md,ctx->md_data); -} -#endif /* XMLSEC_OPENSSL_096 */ - -static const EVP_MD xmlSecOpenSSLEcdsaSha256MdEvp = { - NID_ecdsa_with_SHA256, - NID_ecdsa_with_SHA256, - SHA256_DIGEST_LENGTH, -#ifndef XMLSEC_OPENSSL_096 - 0, - xmlSecOpenSSLEcdsaSha256EvpInit, - xmlSecOpenSSLEcdsaSha256EvpUpdate, - xmlSecOpenSSLEcdsaSha256EvpFinal, - NULL, - NULL, -#else /* XMLSEC_OPENSSL_096 */ - SHA256_Init, - SHA256_Update, - SHA256_Final, -#endif /* XMLSEC_OPENSSL_096 */ - xmlSecOpenSSLEcdsaEvpSign, - xmlSecOpenSSLEcdsaEvpVerify, - /* XXX-MAK: This worries me, not sure that the keys are right. */ - {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA256,0,0,0}, - SHA256_CBLOCK, - sizeof(EVP_MD *)+sizeof(SHA256_CTX), - NULL -}; - -static const EVP_MD *xmlSecOpenSSLEcdsaSha256Evp(void) -{ - return(&xmlSecOpenSSLEcdsaSha256MdEvp); -} - #endif /* XMLSEC_NO_SHA256 */ #ifndef XMLSEC_NO_SHA384 @@ -1468,25 +1421,25 @@ static const EVP_MD *xmlSecOpenSSLEcdsaSha256Evp(void) static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha384Klass = { /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ + xmlSecOpenSSLSignatureSize, /* xmlSecSize objSize */ xmlSecNameEcdsaSha384, /* const xmlChar* name; */ xmlSecHrefEcdsaSha384, /* const xmlChar* href; */ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + xmlSecOpenSSLSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ NULL, /* xmlSecTransformNodeReadMethod readNode; */ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecOpenSSLSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecOpenSSLSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + xmlSecOpenSSLSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ NULL, /* void* reserved0; */ NULL, /* void* reserved1; */ @@ -1504,56 +1457,6 @@ xmlSecOpenSSLTransformEcdsaSha384GetKlass(void) { return(&xmlSecOpenSSLEcdsaSha384Klass); } -#ifndef XMLSEC_OPENSSL_096 -static int -xmlSecOpenSSLEcdsaSha384EvpInit(EVP_MD_CTX *ctx) -{ - return SHA384_Init(ctx->md_data); -} - -static int -xmlSecOpenSSLEcdsaSha384EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA384_Update(ctx->md_data,data,count); -} - -static int -xmlSecOpenSSLEcdsaSha384EvpFinal(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA384_Final(md,ctx->md_data); -} -#endif /* XMLSEC_OPENSSL_096 */ - -static const EVP_MD xmlSecOpenSSLEcdsaSha384MdEvp = { - NID_ecdsa_with_SHA384, - NID_ecdsa_with_SHA384, - SHA384_DIGEST_LENGTH, -#ifndef XMLSEC_OPENSSL_096 - 0, - xmlSecOpenSSLEcdsaSha384EvpInit, - xmlSecOpenSSLEcdsaSha384EvpUpdate, - xmlSecOpenSSLEcdsaSha384EvpFinal, - NULL, - NULL, -#else /* XMLSEC_OPENSSL_096 */ - SHA384_Init, - SHA384_Update, - SHA384_Final, -#endif /* XMLSEC_OPENSSL_096 */ - xmlSecOpenSSLEcdsaEvpSign, - xmlSecOpenSSLEcdsaEvpVerify, - /* XXX-MAK: This worries me, not sure that the keys are right. */ - {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA384,0,0,0}, - SHA512_CBLOCK, - sizeof(EVP_MD *)+sizeof(SHA512_CTX), - NULL -}; - -static const EVP_MD *xmlSecOpenSSLEcdsaSha384Evp(void) -{ - return(&xmlSecOpenSSLEcdsaSha384MdEvp); -} - #endif /* XMLSEC_NO_SHA384 */ #ifndef XMLSEC_NO_SHA512 @@ -1566,25 +1469,25 @@ static const EVP_MD *xmlSecOpenSSLEcdsaSha384Evp(void) static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha512Klass = { /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ + xmlSecOpenSSLSignatureSize, /* xmlSecSize objSize */ xmlSecNameEcdsaSha512, /* const xmlChar* name; */ xmlSecHrefEcdsaSha512, /* const xmlChar* href; */ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + xmlSecOpenSSLSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ NULL, /* xmlSecTransformNodeReadMethod readNode; */ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecOpenSSLSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecOpenSSLSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + xmlSecOpenSSLSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ NULL, /* void* reserved0; */ NULL, /* void* reserved1; */ @@ -1602,440 +1505,10 @@ xmlSecOpenSSLTransformEcdsaSha512GetKlass(void) { return(&xmlSecOpenSSLEcdsaSha512Klass); } -#ifndef XMLSEC_OPENSSL_096 -static int -xmlSecOpenSSLEcdsaSha512EvpInit(EVP_MD_CTX *ctx) -{ - return SHA512_Init(ctx->md_data); -} - -static int -xmlSecOpenSSLEcdsaSha512EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA512_Update(ctx->md_data,data,count); -} - -static int -xmlSecOpenSSLEcdsaSha512EvpFinal(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA512_Final(md,ctx->md_data); -} -#endif /* XMLSEC_OPENSSL_096 */ - -static const EVP_MD xmlSecOpenSSLEcdsaSha512MdEvp = { - NID_ecdsa_with_SHA512, - NID_ecdsa_with_SHA512, - SHA512_DIGEST_LENGTH, -#ifndef XMLSEC_OPENSSL_096 - 0, - xmlSecOpenSSLEcdsaSha512EvpInit, - xmlSecOpenSSLEcdsaSha512EvpUpdate, - xmlSecOpenSSLEcdsaSha512EvpFinal, - NULL, - NULL, -#else /* XMLSEC_OPENSSL_096 */ - SHA512_Init, - SHA512_Update, - SHA512_Final, -#endif /* XMLSEC_OPENSSL_096 */ - xmlSecOpenSSLEcdsaEvpSign, - xmlSecOpenSSLEcdsaEvpVerify, - /* XXX-MAK: This worries me, not sure that the keys are right. */ - {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA512,0,0,0}, - SHA512_CBLOCK, - sizeof(EVP_MD *)+sizeof(SHA512_CTX), - NULL -}; - -static const EVP_MD *xmlSecOpenSSLEcdsaSha512Evp(void) -{ - return(&xmlSecOpenSSLEcdsaSha512MdEvp); -} - #endif /* XMLSEC_NO_SHA512 */ #endif /* XMLSEC_NO_ECDSA */ -#ifndef XMLSEC_NO_RSA - -#ifndef XMLSEC_NO_MD5 -/**************************************************************************** - * - * RSA-MD5 signature transform - * - ***************************************************************************/ -static xmlSecTransformKlass xmlSecOpenSSLRsaMd5Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ - - xmlSecNameRsaMd5, /* const xmlChar* name; */ - xmlSecHrefRsaMd5, /* const xmlChar* href; */ - xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecOpenSSLTransformRsaMd5GetKlass: - * - * The RSA-MD5 signature transform klass. - * - * Returns: RSA-MD5 signature transform klass. - */ -xmlSecTransformId -xmlSecOpenSSLTransformRsaMd5GetKlass(void) { - return(&xmlSecOpenSSLRsaMd5Klass); -} - -#endif /* XMLSEC_NO_MD5 */ - -#ifndef XMLSEC_NO_RIPEMD160 -/**************************************************************************** - * - * RSA-RIPEMD160 signature transform - * - ***************************************************************************/ -static xmlSecTransformKlass xmlSecOpenSSLRsaRipemd160Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ - - xmlSecNameRsaRipemd160, /* const xmlChar* name; */ - xmlSecHrefRsaRipemd160, /* const xmlChar* href; */ - xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecOpenSSLTransformRsaRipemd160GetKlass: - * - * The RSA-RIPEMD160 signature transform klass. - * - * Returns: RSA-RIPEMD160 signature transform klass. - */ -xmlSecTransformId -xmlSecOpenSSLTransformRsaRipemd160GetKlass(void) { - return(&xmlSecOpenSSLRsaRipemd160Klass); -} - -#endif /* XMLSEC_NO_RIPEMD160 */ - -#ifndef XMLSEC_NO_SHA1 -/**************************************************************************** - * - * RSA-SHA1 signature transform - * - ***************************************************************************/ -static xmlSecTransformKlass xmlSecOpenSSLRsaSha1Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ - - xmlSecNameRsaSha1, /* const xmlChar* name; */ - xmlSecHrefRsaSha1, /* const xmlChar* href; */ - xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecOpenSSLTransformRsaSha1GetKlass: - * - * The RSA-SHA1 signature transform klass. - * - * Returns: RSA-SHA1 signature transform klass. - */ -xmlSecTransformId -xmlSecOpenSSLTransformRsaSha1GetKlass(void) { - return(&xmlSecOpenSSLRsaSha1Klass); -} - -#endif /* XMLSEC_NO_SHA1 */ - -#ifndef XMLSEC_NO_SHA224 -/**************************************************************************** - * - * RSA-SHA224 signature transform - * - ***************************************************************************/ -static xmlSecTransformKlass xmlSecOpenSSLRsaSha224Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ - - xmlSecNameRsaSha224, /* const xmlChar* name; */ - xmlSecHrefRsaSha224, /* const xmlChar* href; */ - xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecOpenSSLTransformRsaSha224GetKlass: - * - * The RSA-SHA224 signature transform klass. - * - * Returns: RSA-SHA224 signature transform klass. - */ -xmlSecTransformId -xmlSecOpenSSLTransformRsaSha224GetKlass(void) { - return(&xmlSecOpenSSLRsaSha224Klass); -} - -#endif /* XMLSEC_NO_SHA224 */ - -#ifndef XMLSEC_NO_SHA256 -/**************************************************************************** - * - * RSA-SHA256 signature transform - * - ***************************************************************************/ -static xmlSecTransformKlass xmlSecOpenSSLRsaSha256Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ - - xmlSecNameRsaSha256, /* const xmlChar* name; */ - xmlSecHrefRsaSha256, /* const xmlChar* href; */ - xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecOpenSSLTransformRsaSha256GetKlass: - * - * The RSA-SHA256 signature transform klass. - * - * Returns: RSA-SHA256 signature transform klass. - */ -xmlSecTransformId -xmlSecOpenSSLTransformRsaSha256GetKlass(void) { - return(&xmlSecOpenSSLRsaSha256Klass); -} - -#endif /* XMLSEC_NO_SHA256 */ - -#ifndef XMLSEC_NO_SHA384 -/**************************************************************************** - * - * RSA-SHA384 signature transform - * - ***************************************************************************/ -static xmlSecTransformKlass xmlSecOpenSSLRsaSha384Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ - - xmlSecNameRsaSha384, /* const xmlChar* name; */ - xmlSecHrefRsaSha384, /* const xmlChar* href; */ - xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecOpenSSLTransformRsaSha384GetKlass: - * - * The RSA-SHA384 signature transform klass. - * - * Returns: RSA-SHA384 signature transform klass. - */ -xmlSecTransformId -xmlSecOpenSSLTransformRsaSha384GetKlass(void) { - return(&xmlSecOpenSSLRsaSha384Klass); -} - -#endif /* XMLSEC_NO_SHA384 */ - -#ifndef XMLSEC_NO_SHA512 -/**************************************************************************** - * - * RSA-SHA512 signature transform - * - ***************************************************************************/ -static xmlSecTransformKlass xmlSecOpenSSLRsaSha512Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ - - xmlSecNameRsaSha512, /* const xmlChar* name; */ - xmlSecHrefRsaSha512, /* const xmlChar* href; */ - xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecOpenSSLTransformRsaSha512GetKlass: - * - * The RSA-SHA512 signature transform klass. - * - * Returns: RSA-SHA512 signature transform klass. - */ -xmlSecTransformId -xmlSecOpenSSLTransformRsaSha512GetKlass(void) { - return(&xmlSecOpenSSLRsaSha512Klass); -} - -#endif /* XMLSEC_NO_SHA512 */ - -#endif /* XMLSEC_NO_RSA */ - - -#ifndef XMLSEC_NO_GOST -/**************************************************************************** - * - * GOST2001-GOSTR3411_94 signature transform - * - ***************************************************************************/ - -static xmlSecTransformKlass xmlSecOpenSSLGost2001GostR3411_94Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ - - xmlSecNameGost2001GostR3411_94, /* const xmlChar* name; */ - xmlSecHrefGost2001GostR3411_94, /* const xmlChar* href; */ - xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecOpenSSLTransformGost2001GostR3411_94GetKlass: - * - * The GOST2001-GOSTR3411_94 signature transform klass. - * - * Returns: GOST2001-GOSTR3411_94 signature transform klass. - */ -xmlSecTransformId -xmlSecOpenSSLTransformGost2001GostR3411_94GetKlass(void) { - return(&xmlSecOpenSSLGost2001GostR3411_94Klass); -} -#endif /* XMLSEC_NO_GOST*/ |