diff options
Diffstat (limited to 'providers')
20 files changed, 224 insertions, 145 deletions
diff --git a/providers/common/der/DIGESTS.asn1 b/providers/common/der/DIGESTS.asn1 index afed372..bd955df 100644 --- a/providers/common/der/DIGESTS.asn1 +++ b/providers/common/der/DIGESTS.asn1 @@ -1,5 +1,22 @@ -- ------------------------------------------------------------------- --- Taken from https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration +-- From https://tools.ietf.org/html/rfc4055#section-2.1 + +id-sha1 OBJECT IDENTIFIER ::= { iso(1) + identified-organization(3) oiw(14) + secsig(3) algorithms(2) 26 } + +-- ------------------------------------------------------------------- +-- From https://tools.ietf.org/html/rfc5480#appendix-A +-- (OIDs for MD2 and MD5 are allowed only in EMSA-PKCS1-v1_5) + +id-md2 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } + +id-md5 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } + +-- ------------------------------------------------------------------- +-- From https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration id-sha256 OBJECT IDENTIFIER ::= { hashAlgs 1 } id-sha384 OBJECT IDENTIFIER ::= { hashAlgs 2 } diff --git a/providers/common/der/RSA.asn1 b/providers/common/der/RSA.asn1 index d0c54d7..6ba99da 100644 --- a/providers/common/der/RSA.asn1 +++ b/providers/common/der/RSA.asn1 @@ -53,25 +53,6 @@ sha512-224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 15 } sha512-256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 16 } -- --- This OID really belongs in a module with the secsig OIDs. --- -id-sha1 OBJECT IDENTIFIER ::= { - iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) - 26 -} - --- --- OIDs for MD2 and MD5, allowed only in EMSA-PKCS1-v1_5. --- -id-md2 OBJECT IDENTIFIER ::= { - iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 -} - -id-md5 OBJECT IDENTIFIER ::= { - iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 -} - --- -- When id-mgf1 is used in an AlgorithmIdentifier, the parameters -- MUST be present and MUST be a HashAlgorithm, for example, sha1. -- diff --git a/providers/common/der/build.info b/providers/common/der/build.info index 837fe73..43fe903 100644 --- a/providers/common/der/build.info +++ b/providers/common/der/build.info @@ -1,32 +1,36 @@ -$FIPSABLE=der_rsa.c der_dsa.c der_ec.c der_digests.c +$FIPSABLE=\ + der_rsa_gen.c der_rsa_key.c der_rsa_sig.c \ + der_dsa_gen.c der_dsa_key.c der_dsa_sig.c \ + der_ec_gen.c der_ec_key.c der_ec_sig.c \ + der_digests_gen.c SOURCE[../../libfips.a]=$FIPSABLE SOURCE[../../libnonfips.a]=$FIPSABLE -GENERATE[der_rsa.c]=der_rsa.c.in -DEPEND[der_rsa.c]=oids_to_c.pm +GENERATE[der_rsa_gen.c]=der_rsa_gen.c.in +DEPEND[der_rsa_gen.c]=oids_to_c.pm -DEPEND[der_rsa.o]=../include/prov/der_rsa.h ../include/prov/der_digests.h +DEPEND[der_rsa_gen.o]=../include/prov/der_rsa.h ../include/prov/der_digests.h GENERATE[../include/prov/der_rsa.h]=der_rsa.h.in DEPEND[../include/prov/der_rsa.h]=oids_to_c.pm -GENERATE[der_dsa.c]=der_dsa.c.in -DEPEND[der_dsa.c]=oids_to_c.pm +GENERATE[der_dsa_gen.c]=der_dsa_gen.c.in +DEPEND[der_dsa_gen.c]=oids_to_c.pm -DEPEND[der_dsa.o]=../include/prov/der_dsa.h +DEPEND[der_dsa_gen.o]=../include/prov/der_dsa.h GENERATE[../include/prov/der_dsa.h]=der_dsa.h.in DEPEND[../include/prov/der_dsa.h]=oids_to_c.pm -GENERATE[der_ec.c]=der_ec.c.in -DEPEND[der_ec.c]=oids_to_c.pm +GENERATE[der_ec_gen.c]=der_ec_gen.c.in +DEPEND[der_ec_gen.c]=oids_to_c.pm -DEPEND[der_ec.o]=../include/prov/der_ec.h +DEPEND[der_ec_gen.o]=../include/prov/der_ec.h GENERATE[../include/prov/der_ec.h]=der_ec.h.in DEPEND[../include/prov/der_ec.h]=oids_to_c.pm -GENERATE[der_digests.c]=der_digests.c.in -DEPEND[der_digests.c]=oids_to_c.pm +GENERATE[der_digests_gen.c]=der_digests_gen.c.in +DEPEND[der_digests_gen.c]=oids_to_c.pm -DEPEND[der_digests.o]=../include/prov/der_digests.h +DEPEND[der_digests_gen.o]=../include/prov/der_digests.h GENERATE[../include/prov/der_digests.h]=der_digests.h.in DEPEND[../include/prov/der_digests.h]=oids_to_c.pm diff --git a/providers/common/der/der_digests.c.in b/providers/common/der/der_digests_gen.c.in index 433c107..433c107 100644 --- a/providers/common/der/der_digests.c.in +++ b/providers/common/der/der_digests_gen.c.in diff --git a/providers/common/der/der_dsa.h.in b/providers/common/der/der_dsa.h.in index d9e7bf2..e9a8718 100644 --- a/providers/common/der/der_dsa.h.in +++ b/providers/common/der/der_dsa.h.in @@ -16,6 +16,8 @@ filter => \&oids_to_c::filter_to_H }); -} +/* Subject Public Key Info */ int DER_w_algorithmIdentifier_DSA(WPACKET *pkt, int tag, DSA *dsa); -int DER_w_algorithmIdentifier_DSA_with(WPACKET *pkt, int tag, - DSA *dsa, int mdnid); +/* Signature */ +int DER_w_algorithmIdentifier_DSA_with_MD(WPACKET *pkt, int tag, + DSA *dsa, int mdnid); diff --git a/providers/common/der/der_dsa_gen.c.in b/providers/common/der/der_dsa_gen.c.in new file mode 100644 index 0000000..95f1f5c --- /dev/null +++ b/providers/common/der/der_dsa_gen.c.in @@ -0,0 +1,17 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "prov/der_dsa.h" + +/* Well known OIDs precompiled */ +{- + $OUT = oids_to_c::process_leaves('providers/common/der/DSA.asn1', + { dir => $config{sourcedir}, + filter => \&oids_to_c::filter_to_C }); +-} diff --git a/providers/common/der/der_dsa_key.c b/providers/common/der/der_dsa_key.c new file mode 100644 index 0000000..6118b27 --- /dev/null +++ b/providers/common/der/der_dsa_key.c @@ -0,0 +1,20 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <openssl/obj_mac.h> +#include "internal/packet.h" +#include "prov/der_dsa.h" + +int DER_w_algorithmIdentifier_DSA(WPACKET *pkt, int tag, DSA *dsa) +{ + return DER_w_begin_sequence(pkt, tag) + /* No parameters (yet?) */ + && DER_w_precompiled(pkt, -1, der_oid_id_dsa, sizeof(der_oid_id_dsa)) + && DER_w_end_sequence(pkt, tag); +} diff --git a/providers/common/der/der_dsa.c.in b/providers/common/der/der_dsa_sig.c index 28c0ba8..c96a617 100644 --- a/providers/common/der/der_dsa.c.in +++ b/providers/common/der/der_dsa_sig.c @@ -7,33 +7,18 @@ * https://www.openssl.org/source/license.html */ -#include <openssl/bn.h> #include <openssl/obj_mac.h> +#include "internal/packet.h" #include "prov/der_dsa.h" -/* Well known OIDs precompiled */ -{- - $OUT = oids_to_c::process_leaves('providers/common/der/DSA.asn1', - { dir => $config{sourcedir}, - filter => \&oids_to_c::filter_to_C }); --} - -int DER_w_algorithmIdentifier_DSA(WPACKET *pkt, int tag, DSA *dsa) -{ - return DER_w_begin_sequence(pkt, tag) - /* No parameters (yet?) */ - && DER_w_precompiled(pkt, -1, der_oid_id_dsa, sizeof(der_oid_id_dsa)) - && DER_w_end_sequence(pkt, tag); -} - #define MD_CASE(name) \ case NID_##name: \ precompiled = der_oid_id_dsa_with_##name; \ precompiled_sz = sizeof(der_oid_id_dsa_with_##name); \ break; -int DER_w_algorithmIdentifier_DSA_with(WPACKET *pkt, int tag, - DSA *dsa, int mdnid) +int DER_w_algorithmIdentifier_DSA_with_MD(WPACKET *pkt, int tag, + DSA *dsa, int mdnid) { const unsigned char *precompiled = NULL; size_t precompiled_sz = 0; diff --git a/providers/common/der/der_ec.h.in b/providers/common/der/der_ec.h.in index 24f153c..86a754e 100644 --- a/providers/common/der/der_ec.h.in +++ b/providers/common/der/der_ec.h.in @@ -16,6 +16,8 @@ filter => \&oids_to_c::filter_to_H }); -} +/* Subject Public Key Info */ int DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec); -int DER_w_algorithmIdentifier_ECDSA_with(WPACKET *pkt, int cont, - EC_KEY *ec, int mdnid); +/* Signature */ +int DER_w_algorithmIdentifier_ECDSA_with_MD(WPACKET *pkt, int cont, + EC_KEY *ec, int mdnid); diff --git a/providers/common/der/der_ec_gen.c.in b/providers/common/der/der_ec_gen.c.in new file mode 100644 index 0000000..40acf9a --- /dev/null +++ b/providers/common/der/der_ec_gen.c.in @@ -0,0 +1,17 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "prov/der_ec.h" + +/* Well known OIDs precompiled */ +{- + $OUT = oids_to_c::process_leaves('providers/common/der/EC.asn1', + { dir => $config{sourcedir}, + filter => \&oids_to_c::filter_to_C }); +-} diff --git a/providers/common/der/der_ec_key.c b/providers/common/der/der_ec_key.c new file mode 100644 index 0000000..058596a --- /dev/null +++ b/providers/common/der/der_ec_key.c @@ -0,0 +1,21 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <openssl/obj_mac.h> +#include "internal/packet.h" +#include "prov/der_ec.h" + +int DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec) +{ + return DER_w_begin_sequence(pkt, cont) + /* No parameters (yet?) */ + && DER_w_precompiled(pkt, -1, der_oid_id_ecPublicKey, + sizeof(der_oid_id_ecPublicKey)) + && DER_w_end_sequence(pkt, cont); +} diff --git a/providers/common/der/der_ec.c.in b/providers/common/der/der_ec_sig.c index a617651..687ec49 100644 --- a/providers/common/der/der_ec.c.in +++ b/providers/common/der/der_ec_sig.c @@ -7,26 +7,10 @@ * https://www.openssl.org/source/license.html */ -#include <openssl/bn.h> #include <openssl/obj_mac.h> +#include "internal/packet.h" #include "prov/der_ec.h" -/* Well known OIDs precompiled */ -{- - $OUT = oids_to_c::process_leaves('providers/common/der/EC.asn1', - { dir => $config{sourcedir}, - filter => \&oids_to_c::filter_to_C }); --} - -int DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec) -{ - return DER_w_begin_sequence(pkt, cont) - /* No parameters (yet?) */ - && DER_w_precompiled(pkt, -1, der_oid_id_ecPublicKey, - sizeof(der_oid_id_ecPublicKey)) - && DER_w_end_sequence(pkt, cont); -} - /* Aliases so we can have a uniform MD_CASE */ #define der_oid_id_ecdsa_with_sha1 der_oid_ecdsa_with_SHA1 #define der_oid_id_ecdsa_with_sha224 der_oid_ecdsa_with_SHA224 @@ -40,8 +24,8 @@ int DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec) precompiled_sz = sizeof(der_oid_id_ecdsa_with_##name); \ break; -int DER_w_algorithmIdentifier_ECDSA_with(WPACKET *pkt, int cont, - EC_KEY *ec, int mdnid) +int DER_w_algorithmIdentifier_ECDSA_with_MD(WPACKET *pkt, int cont, + EC_KEY *ec, int mdnid) { const unsigned char *precompiled = NULL; size_t precompiled_sz = 0; diff --git a/providers/common/der/der_rsa.h.in b/providers/common/der/der_rsa.h.in index 53f6227..c744fc2 100644 --- a/providers/common/der/der_rsa.h.in +++ b/providers/common/der/der_rsa.h.in @@ -13,14 +13,16 @@ /* Well known OIDs precompiled */ {- $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', - 'providers/common/der/DIGESTS.asn1', 'providers/common/der/RSA.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_H }); -} +/* PSS parameters */ int DER_w_RSASSA_PSS_params(WPACKET *pkt, int tag, const RSA_PSS_PARAMS_30 *pss); +/* Subject Public Key Info */ int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa); -int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag, - RSA *rsa, int mdnid); +/* Signature */ +int DER_w_algorithmIdentifier_MDWithRSAEncryption(WPACKET *pkt, int tag, + RSA *rsa, int mdnid); diff --git a/providers/common/der/der_rsa_gen.c.in b/providers/common/der/der_rsa_gen.c.in new file mode 100644 index 0000000..0d1ca0b --- /dev/null +++ b/providers/common/der/der_rsa_gen.c.in @@ -0,0 +1,18 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "prov/der_rsa.h" + +/* Well known OIDs precompiled */ +{- + $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', + 'providers/common/der/RSA.asn1', + { dir => $config{sourcedir}, + filter => \&oids_to_c::filter_to_C }); +-} diff --git a/providers/common/der/der_rsa.c.in b/providers/common/der/der_rsa_key.c index 30e945c..bd2de4a 100644 --- a/providers/common/der/der_rsa.c.in +++ b/providers/common/der/der_rsa_key.c @@ -7,21 +7,11 @@ * https://www.openssl.org/source/license.html */ -#include <openssl/bn.h> #include <openssl/obj_mac.h> #include "internal/cryptlib.h" #include "prov/der_rsa.h" #include "prov/der_digests.h" -/* Well known OIDs precompiled */ -{- - $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', - 'providers/common/der/DIGESTS.asn1', - 'providers/common/der/RSA.asn1', - { dir => $config{sourcedir}, - filter => \&oids_to_c::filter_to_C }); --} - /* More complex pre-compiled sequences. TODO(3.0) refactor? */ /*- * From https://tools.ietf.org/html/rfc8017#appendix-A.2.1 @@ -382,54 +372,3 @@ int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa) && DER_w_precompiled(pkt, -1, rsa_oid, rsa_oid_sz) && DER_w_end_sequence(pkt, tag); } - -/* Aliases so we can have a uniform MD_with_RSA_CASE */ -#define der_oid_sha3_224WithRSAEncryption \ - der_oid_id_rsassa_pkcs1_v1_5_with_sha3_224 -#define der_oid_sha3_256WithRSAEncryption \ - der_oid_id_rsassa_pkcs1_v1_5_with_sha3_256 -#define der_oid_sha3_384WithRSAEncryption \ - der_oid_id_rsassa_pkcs1_v1_5_with_sha3_384 -#define der_oid_sha3_512WithRSAEncryption \ - der_oid_id_rsassa_pkcs1_v1_5_with_sha3_512 - -#define MD_with_RSA_CASE(name, var) \ - case NID_##name: \ - var = der_oid_##name##WithRSAEncryption; \ - var##_sz = sizeof(der_oid_##name##WithRSAEncryption); \ - break; - -int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag, - RSA *rsa, int mdnid) -{ - const unsigned char *precompiled = NULL; - size_t precompiled_sz = 0; - - switch (mdnid) { -#ifndef FIPS_MODULE - MD_with_RSA_CASE(md2, precompiled); - MD_with_RSA_CASE(md5, precompiled); - MD_with_RSA_CASE(md4, precompiled); - MD_with_RSA_CASE(ripemd160, precompiled); -/* TODO(3.0) Decide what to do about mdc2 and md5_sha1 */ -#endif - MD_with_RSA_CASE(sha1, precompiled); - MD_with_RSA_CASE(sha224, precompiled); - MD_with_RSA_CASE(sha256, precompiled); - MD_with_RSA_CASE(sha384, precompiled); - MD_with_RSA_CASE(sha512, precompiled); - MD_with_RSA_CASE(sha512_224, precompiled); - MD_with_RSA_CASE(sha512_256, precompiled); - MD_with_RSA_CASE(sha3_224, precompiled); - MD_with_RSA_CASE(sha3_256, precompiled); - MD_with_RSA_CASE(sha3_384, precompiled); - MD_with_RSA_CASE(sha3_512, precompiled); - default: - return 0; - } - - return DER_w_begin_sequence(pkt, tag) - /* No parameters (yet?) */ - && DER_w_precompiled(pkt, -1, precompiled, precompiled_sz) - && DER_w_end_sequence(pkt, tag); -} diff --git a/providers/common/der/der_rsa_sig.c b/providers/common/der/der_rsa_sig.c new file mode 100644 index 0000000..a1ab263 --- /dev/null +++ b/providers/common/der/der_rsa_sig.c @@ -0,0 +1,64 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <openssl/obj_mac.h> +#include "internal/packet.h" +#include "prov/der_rsa.h" +#include "prov/der_digests.h" + +/* Aliases so we can have a uniform MD_with_RSA_CASE */ +#define der_oid_sha3_224WithRSAEncryption \ + der_oid_id_rsassa_pkcs1_v1_5_with_sha3_224 +#define der_oid_sha3_256WithRSAEncryption \ + der_oid_id_rsassa_pkcs1_v1_5_with_sha3_256 +#define der_oid_sha3_384WithRSAEncryption \ + der_oid_id_rsassa_pkcs1_v1_5_with_sha3_384 +#define der_oid_sha3_512WithRSAEncryption \ + der_oid_id_rsassa_pkcs1_v1_5_with_sha3_512 + +#define MD_with_RSA_CASE(name, var) \ + case NID_##name: \ + var = der_oid_##name##WithRSAEncryption; \ + var##_sz = sizeof(der_oid_##name##WithRSAEncryption); \ + break; + +int DER_w_algorithmIdentifier_MDWithRSAEncryption(WPACKET *pkt, int tag, + RSA *rsa, int mdnid) +{ + const unsigned char *precompiled = NULL; + size_t precompiled_sz = 0; + + switch (mdnid) { +#ifndef FIPS_MODULE + MD_with_RSA_CASE(md2, precompiled); + MD_with_RSA_CASE(md5, precompiled); + MD_with_RSA_CASE(md4, precompiled); + MD_with_RSA_CASE(ripemd160, precompiled); +/* TODO(3.0) Decide what to do about mdc2 and md5_sha1 */ +#endif + MD_with_RSA_CASE(sha1, precompiled); + MD_with_RSA_CASE(sha224, precompiled); + MD_with_RSA_CASE(sha256, precompiled); + MD_with_RSA_CASE(sha384, precompiled); + MD_with_RSA_CASE(sha512, precompiled); + MD_with_RSA_CASE(sha512_224, precompiled); + MD_with_RSA_CASE(sha512_256, precompiled); + MD_with_RSA_CASE(sha3_224, precompiled); + MD_with_RSA_CASE(sha3_256, precompiled); + MD_with_RSA_CASE(sha3_384, precompiled); + MD_with_RSA_CASE(sha3_512, precompiled); + default: + return 0; + } + + return DER_w_begin_sequence(pkt, tag) + /* No parameters (yet?) */ + && DER_w_precompiled(pkt, -1, precompiled, precompiled_sz) + && DER_w_end_sequence(pkt, tag); +} diff --git a/providers/common/der/oids_to_c.pm b/providers/common/der/oids_to_c.pm index 64e6c07..dee3263 100644 --- a/providers/common/der/oids_to_c.pm +++ b/providers/common/der/oids_to_c.pm @@ -28,12 +28,19 @@ use Data::Dumper; sub filter_to_H { my ($name, $comment) = @{ shift() }; my @oid_nums = @_; + my $oid_size = scalar @oid_nums; + (my $C_comment = $comment) =~ s|^| * |msg; + $C_comment = "\n/*\n${C_comment}\n */" if $C_comment ne ''; (my $C_name = $name) =~ s|-|_|g; my $C_bytes_size = 2 + scalar @_; + my $C_bytes = join(', ', map { sprintf("0x%02X", $_) } @oid_nums ); return <<"_____"; -extern const unsigned char der_oid_${C_name}[$C_bytes_size]; +$C_comment +#define DER_OID_V_${C_name} DER_P_OBJECT, $oid_size, ${C_bytes} +#define DER_OID_SZ_${C_name} ${C_bytes_size} +extern const unsigned char der_oid_${C_name}[DER_OID_SZ_${C_name}]; _____ } @@ -48,12 +55,9 @@ sub filter_to_C { $C_comment = "\n/*\n${C_comment}\n */" if $C_comment ne ''; (my $C_name = $name) =~ s|-|_|g; my $C_bytes_size = 2 + $oid_size; - my $C_bytes = join(', ', map { sprintf("0x%02X", $_) } @oid_nums ); return <<"_____"; $C_comment -#define DER_OID_V_${C_name} DER_P_OBJECT, $oid_size, ${C_bytes} -#define DER_OID_SZ_${C_name} ${C_bytes_size} const unsigned char der_oid_${C_name}[DER_OID_SZ_${C_name}] = { DER_OID_V_${C_name} }; diff --git a/providers/implementations/signature/dsa.c b/providers/implementations/signature/dsa.c index bfab224..9227cb1 100644 --- a/providers/implementations/signature/dsa.c +++ b/providers/implementations/signature/dsa.c @@ -177,7 +177,8 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, */ ctx->aid_len = 0; if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf)) - && DER_w_algorithmIdentifier_DSA_with(&pkt, -1, ctx->dsa, md_nid) + && DER_w_algorithmIdentifier_DSA_with_MD(&pkt, -1, ctx->dsa, + md_nid) && WPACKET_finish(&pkt)) { WPACKET_get_total_written(&pkt, &ctx->aid_len); ctx->aid = WPACKET_get_curr(&pkt); diff --git a/providers/implementations/signature/ecdsa.c b/providers/implementations/signature/ecdsa.c index 267950d..d96f597 100644 --- a/providers/implementations/signature/ecdsa.c +++ b/providers/implementations/signature/ecdsa.c @@ -238,7 +238,7 @@ static int ecdsa_digest_signverify_init(void *vctx, const char *mdname, */ ctx->aid_len = 0; if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf)) - && DER_w_algorithmIdentifier_ECDSA_with(&pkt, -1, ctx->ec, md_nid) + && DER_w_algorithmIdentifier_ECDSA_with_MD(&pkt, -1, ctx->ec, md_nid) && WPACKET_finish(&pkt)) { WPACKET_get_total_written(&pkt, &ctx->aid_len); ctx->aid = WPACKET_get_curr(&pkt); diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c index 4dc3a89..6f62c2b 100644 --- a/providers/implementations/signature/rsa.c +++ b/providers/implementations/signature/rsa.c @@ -254,7 +254,8 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, */ ctx->aid_len = 0; if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf)) - && DER_w_algorithmIdentifier_RSA_with(&pkt, -1, ctx->rsa, md_nid) + && DER_w_algorithmIdentifier_MDWithRSAEncryption(&pkt, -1, ctx->rsa, + md_nid) && WPACKET_finish(&pkt)) { WPACKET_get_total_written(&pkt, &ctx->aid_len); ctx->aid = WPACKET_get_curr(&pkt); |