authorDavid Benjamin <davidben@chromium.org>2014-11-11 23:47:50 -0500
committerAdam Langley <agl@google.com>2014-11-18 22:18:36 +0000
commitc20febe17747674ede52072e85fb944cd55637a6 (patch)
tree4643338c1bb11a85c62cdfaad3eed463829b7d27 /include
parentca6c82643ae885f94acff27ddd93bfb73fda3af5 (diff)
Add EVP_PKEY_supports_digest.
This is intended for TLS client auth with Windows CAPI- and CNG-backed keys which implement sign over sign_raw and do not support all hash functions. Only plumbed through RSA for now. Change-Id: Ica42e7fb026840f817a169da9372dda226f7d6fd Reviewed-on: https://boringssl-review.googlesource.com/2250 Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'include')
-rw-r--r--include/openssl/evp.h6
-rw-r--r--include/openssl/rsa.h10
2 files changed, 15 insertions, 1 deletions
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 9e4920a..a760386 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -94,6 +94,12 @@ OPENSSL_EXPORT void EVP_PKEY_free(EVP_PKEY *pkey);
* an error to attempt to duplicate, export, or compare an opaque key. */
OPENSSL_EXPORT int EVP_PKEY_is_opaque(const EVP_PKEY *pkey);
+/* EVP_PKEY_supports_digest returns one if |pkey| supports digests of
+ * type |md|. This is intended for use with EVP_PKEYs backing custom
+ * implementations which can't sign all digests. */
+OPENSSL_EXPORT int EVP_PKEY_supports_digest(const EVP_PKEY *pkey,
+ const EVP_MD *md);
+
/* EVP_PKEY_cmp compares |a| and |b| and returns one if they are equal, zero if
* not and a negative number on error.
*
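Review bot: The new comment on EVP_PKEY_supports_digest documents only the success case; it does not say what is returned when |md| is unsupported, or when |pkey| is a key type with no digest check behind it. The commit message says the check is only plumbed through RSA for now, so a caller using it to choose a TLS client-auth signature hash cannot tell from the header whether a non-RSA key answers one or zero. The implementation is not part of this diff, so the actual behaviour needs confirming, but the header should state it. I would change the first sentence to `returns one if |pkey| supports digests of type |md| and zero otherwise` and add one sentence naming the result for key types that do not implement the check.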
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 16683ce..a545734 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -259,9 +259,13 @@ OPENSSL_EXPORT int RSA_public_decrypt(int flen, const uint8_t *from,
OPENSSL_EXPORT unsigned RSA_size(const RSA *rsa);
/* RSA_is_opaque returns one if |rsa| is opaque and doesn't expose its key
- * material. Otherwise it return zero. */
+ * material. Otherwise it returns zero. */
OPENSSL_EXPORT int RSA_is_opaque(const RSA *rsa);
+/* RSA_supports_digest returns one if |rsa| supports signing digests
+ * of type |md|. Otherwise it returns zero. */
+OPENSSL_EXPORT int RSA_supports_digest(const RSA *rsa, const EVP_MD *md);
+
/* RSAPublicKey_dup allocates a fresh |RSA| and copies the private key from
* |rsa| into it. It returns the fresh |RSA| object, or NULL on error. */
OPENSSL_EXPORT RSA *RSAPublicKey_dup(const RSA *rsa);
@@ -410,6 +414,10 @@ struct rsa_meth_st {
int flags;
int (*keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+
+ /* supports_digest returns one if |rsa| supports digests of type
+ * |md|. If null, it is assumed that all digests are supported. */
+ int (*supports_digest)(const RSA *rsa, const EVP_MD *md);
};
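Review bot: The null default documented on `supports_digest` fails open: an RSA_METHOD that leaves the pointer unset is assumed to support every digest, and that includes methods for opaque keys, which the commit message names as the motivating case. This keeps existing methods working, but an opaque-key method that omits the hook will presumably be reported as able to sign digests it cannot, with the failure surfacing only at signing time. I would extend the comment with `Methods for opaque keys that cannot sign every digest must set this.` and, in the earlier rsa.h hunk, have RSA_supports_digest's comment say that it returns one when the method leaves the hook null. struct rsa_meth_st begins outside this hunk.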