add support for ecdsa-with-sha256 etc.

CHANGES

@@ -4,6 +4,9 @@
 
  Changes between 0.9.8e and 0.9.9  [xx XXX xxxx]
 
+  *) Add support for the ecdsa-with-SHA224/256/384/512 signature types.
+     [Nils Larsch]
+
   *) Initial incomplete changes to avoid need for function casts in OpenSSL
      when OPENSSL_NO_FCAST is set: some compilers (gcc 4.2 and later) reject
      their use. Safestack is reimplemented using inline functions: tests show

crypto/ec/ec_ameth.c

@@ -577,12 +577,17 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 		case ASN1_PKEY_CTRL_PKCS7_SIGN:
 		if (arg1 == 0)
 			{
+			int snid, hnid;
 			X509_ALGOR *alg1, *alg2;
 			PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
-			X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_sha1),
-							V_ASN1_NULL, 0);
-			X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ecdsa_with_SHA1),
-							V_ASN1_NULL, 0);
+			if (alg1 == NULL || alg1->algorithm == NULL)
+				return -1;
+			hnid = OBJ_obj2nid(alg1->algorithm);
+			if (hnid == NID_undef)
+				return -1;
+			if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+				return -1; 
+			X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
 			}
 		return 1;
 

crypto/ec/ec_pmeth.c

@@ -220,7 +220,11 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 		return 1;
 
 		case EVP_PKEY_CTRL_MD:
-		if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1)
+		if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
+		    EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
+		    EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
+		    EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
+		    EVP_MD_type((const EVP_MD *)p2) != NID_sha512)
 			{
 			ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
 			return 0;

crypto/evp/m_sha1.c

@@ -119,7 +119,7 @@ static const EVP_MD sha224_md=
 	NID_sha224,
 	NID_sha224WithRSAEncryption,
 	SHA224_DIGEST_LENGTH,
-	0,
+	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
 	init224,
 	update256,
 	final256,
@@ -138,7 +138,7 @@ static const EVP_MD sha256_md=
 	NID_sha256,
 	NID_sha256WithRSAEncryption,
 	SHA256_DIGEST_LENGTH,
-	0,
+	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
 	init256,
 	update256,
 	final256,
@@ -169,7 +169,7 @@ static const EVP_MD sha384_md=
 	NID_sha384,
 	NID_sha384WithRSAEncryption,
 	SHA384_DIGEST_LENGTH,
-	0,
+	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
 	init384,
 	update512,
 	final512,
@@ -188,7 +188,7 @@ static const EVP_MD sha512_md=
 	NID_sha512,
 	NID_sha512WithRSAEncryption,
 	SHA512_DIGEST_LENGTH,
-	0,
+	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
 	init512,
 	update512,
 	final512,

crypto/objects/obj_dat.h

@@ -62,12 +62,12 @@
  * [including the GNU Public Licence.]
  */
 
-#define NUM_NID 827
-#define NUM_SN 823
-#define NUM_LN 823
-#define NUM_OBJ 779
+#define NUM_NID 833
+#define NUM_SN 829
+#define NUM_LN 829
+#define NUM_OBJ 785
 
-static unsigned char lvalues[5496]={
+static unsigned char lvalues[5542]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -847,6 +847,12 @@ static unsigned char lvalues[5496]={
 0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03,     /* [5471] OBJ_id_GostR3411_94_with_GostR3410_94_cc */
 0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04,     /* [5479] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */
 0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01,     /* [5487] OBJ_id_GostR3410_2001_ParamSet_cc */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02,          /* [5495] OBJ_ecdsa_with_Recommended */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,          /* [5502] OBJ_ecdsa_with_Specified */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01,     /* [5509] OBJ_ecdsa_with_SHA224 */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02,     /* [5517] OBJ_ecdsa_with_SHA256 */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03,     /* [5525] OBJ_ecdsa_with_SHA384 */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04,     /* [5533] OBJ_ecdsa_with_SHA512 */
 };
 
 static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2184,6 +2190,18 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"id-GostR3410-2001-ParamSet-cc",
 	"GOST R 3410-2001 Parameter Set Cryptocom",
 	NID_id_GostR3410_2001_ParamSet_cc,8,&(lvalues[5487]),0},
+{"ecdsa-with-Recommended","ecdsa-with-Recommended",
+	NID_ecdsa_with_Recommended,7,&(lvalues[5495]),0},
+{"ecdsa-with-Specified","ecdsa-with-Specified",
+	NID_ecdsa_with_Specified,7,&(lvalues[5502]),0},
+{"ecdsa-with-SHA224","ecdsa-with-SHA224",NID_ecdsa_with_SHA224,8,
+	&(lvalues[5509]),0},
+{"ecdsa-with-SHA256","ecdsa-with-SHA256",NID_ecdsa_with_SHA256,8,
+	&(lvalues[5517]),0},
+{"ecdsa-with-SHA384","ecdsa-with-SHA384",NID_ecdsa_with_SHA384,8,
+	&(lvalues[5525]),0},
+{"ecdsa-with-SHA512","ecdsa-with-SHA512",NID_ecdsa_with_SHA512,8,
+	&(lvalues[5533]),0},
 };
 
 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -2434,7 +2452,13 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[470]),/* "documentVersion" */
 &(nid_objs[392]),/* "domain" */
 &(nid_objs[452]),/* "domainRelatedObject" */
+&(nid_objs[827]),/* "ecdsa-with-Recommended" */
 &(nid_objs[416]),/* "ecdsa-with-SHA1" */
+&(nid_objs[829]),/* "ecdsa-with-SHA224" */
+&(nid_objs[830]),/* "ecdsa-with-SHA256" */
+&(nid_objs[831]),/* "ecdsa-with-SHA384" */
+&(nid_objs[832]),/* "ecdsa-with-SHA512" */
+&(nid_objs[828]),/* "ecdsa-with-Specified" */
 &(nid_objs[48]),/* "emailAddress" */
 &(nid_objs[132]),/* "emailProtection" */
 &(nid_objs[389]),/* "enterprises" */
@@ -3281,7 +3305,13 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[113]),/* "dsaWithSHA1" */
 &(nid_objs[70]),/* "dsaWithSHA1-old" */
 &(nid_objs[297]),/* "dvcs" */
+&(nid_objs[827]),/* "ecdsa-with-Recommended" */
 &(nid_objs[416]),/* "ecdsa-with-SHA1" */
+&(nid_objs[829]),/* "ecdsa-with-SHA224" */
+&(nid_objs[830]),/* "ecdsa-with-SHA256" */
+&(nid_objs[831]),/* "ecdsa-with-SHA384" */
+&(nid_objs[832]),/* "ecdsa-with-SHA512" */
+&(nid_objs[828]),/* "ecdsa-with-Specified" */
 &(nid_objs[48]),/* "emailAddress" */
 &(nid_objs[632]),/* "encrypted track 2" */
 &(nid_objs[56]),/* "extendedCertificateAttributes" */
@@ -4175,6 +4205,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[407]),/* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */
 &(nid_objs[408]),/* OBJ_X9_62_id_ecPublicKey         1 2 840 10045 2 1 */
 &(nid_objs[416]),/* OBJ_ecdsa_with_SHA1              1 2 840 10045 4 1 */
+&(nid_objs[827]),/* OBJ_ecdsa_with_Recommended       1 2 840 10045 4 2 */
+&(nid_objs[828]),/* OBJ_ecdsa_with_Specified         1 2 840 10045 4 3 */
 &(nid_objs[258]),/* OBJ_id_pkix_mod                  1 3 6 1 5 5 7 0 */
 &(nid_objs[175]),/* OBJ_id_pe                        1 3 6 1 5 5 7 1 */
 &(nid_objs[259]),/* OBJ_id_qt                        1 3 6 1 5 5 7 2 */
@@ -4256,6 +4288,10 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[413]),/* OBJ_X9_62_prime239v2             1 2 840 10045 3 1 5 */
 &(nid_objs[414]),/* OBJ_X9_62_prime239v3             1 2 840 10045 3 1 6 */
 &(nid_objs[415]),/* OBJ_X9_62_prime256v1             1 2 840 10045 3 1 7 */
+&(nid_objs[829]),/* OBJ_ecdsa_with_SHA224            1 2 840 10045 4 3 1 */
+&(nid_objs[830]),/* OBJ_ecdsa_with_SHA256            1 2 840 10045 4 3 2 */
+&(nid_objs[831]),/* OBJ_ecdsa_with_SHA384            1 2 840 10045 4 3 3 */
+&(nid_objs[832]),/* OBJ_ecdsa_with_SHA512            1 2 840 10045 4 3 4 */
 &(nid_objs[269]),/* OBJ_id_pkix1_explicit_88         1 3 6 1 5 5 7 0 1 */
 &(nid_objs[270]),/* OBJ_id_pkix1_implicit_88         1 3 6 1 5 5 7 0 2 */
 &(nid_objs[271]),/* OBJ_id_pkix1_explicit_93         1 3 6 1 5 5 7 0 3 */

crypto/objects/obj_mac.h

@@ -305,6 +305,30 @@
 #define NID_ecdsa_with_SHA1		416
 #define OBJ_ecdsa_with_SHA1		OBJ_X9_62_id_ecSigType,1L
 
+#define SN_ecdsa_with_Recommended		"ecdsa-with-Recommended"
+#define NID_ecdsa_with_Recommended		827
+#define OBJ_ecdsa_with_Recommended		OBJ_X9_62_id_ecSigType,2L
+
+#define SN_ecdsa_with_Specified		"ecdsa-with-Specified"
+#define NID_ecdsa_with_Specified		828
+#define OBJ_ecdsa_with_Specified		OBJ_X9_62_id_ecSigType,3L
+
+#define SN_ecdsa_with_SHA224		"ecdsa-with-SHA224"
+#define NID_ecdsa_with_SHA224		829
+#define OBJ_ecdsa_with_SHA224		OBJ_ecdsa_with_Specified,1L
+
+#define SN_ecdsa_with_SHA256		"ecdsa-with-SHA256"
+#define NID_ecdsa_with_SHA256		830
+#define OBJ_ecdsa_with_SHA256		OBJ_ecdsa_with_Specified,2L
+
+#define SN_ecdsa_with_SHA384		"ecdsa-with-SHA384"
+#define NID_ecdsa_with_SHA384		831
+#define OBJ_ecdsa_with_SHA384		OBJ_ecdsa_with_Specified,3L
+
+#define SN_ecdsa_with_SHA512		"ecdsa-with-SHA512"
+#define NID_ecdsa_with_SHA512		832
+#define OBJ_ecdsa_with_SHA512		OBJ_ecdsa_with_Specified,4L
+
 #define OBJ_secg_ellipticCurve		OBJ_certicom_arc,0L
 
 #define SN_secp112r1		"secp112r1"

crypto/objects/obj_mac.num

@@ -824,3 +824,9 @@ id_GostR3410_2001_cc		823
 id_GostR3411_94_with_GostR3410_94_cc		824
 id_GostR3411_94_with_GostR3410_2001_cc		825
 id_GostR3410_2001_ParamSet_cc		826
+ecdsa_with_Recommended		827
+ecdsa_with_Specified		828
+ecdsa_with_SHA224		829
+ecdsa_with_SHA256		830
+ecdsa_with_SHA384		831
+ecdsa_with_SHA512		832

crypto/objects/obj_xref.txt

@@ -26,6 +26,12 @@ dsaWithSHA1		sha1	dsa
 dsaWithSHA1_2		sha1	dsa_2
 
 ecdsa_with_SHA1		sha1	X9_62_id_ecPublicKey
+ecdsa_with_SHA224	sha224	X9_62_id_ecPublicKey
+ecdsa_with_SHA256	sha256	X9_62_id_ecPublicKey
+ecdsa_with_SHA384	sha384	X9_62_id_ecPublicKey
+ecdsa_with_SHA512	sha512	X9_62_id_ecPublicKey
+ecdsa_with_Recommended	undef	X9_62_id_ecPublicKey
+ecdsa_with_Specified	undef	X9_62_id_ecPublicKey
 
 id_GostR3411_94_with_GostR3410_2001	id_GostR3411_94 id_GostR3410_2001
 id_GostR3411_94_with_GostR3410_94	id_GostR3411_94 id_GostR3410_94

crypto/objects/objects.txt

@@ -75,6 +75,12 @@ X9-62_primeCurve 7	 	: prime256v1
 !Alias id-ecSigType ansi-X9-62 4
 !global
 X9-62_id-ecSigType 1		: ecdsa-with-SHA1
+X9-62_id-ecSigType 2		: ecdsa-with-Recommended
+X9-62_id-ecSigType 3		: ecdsa-with-Specified
+ecdsa-with-Specified 1		: ecdsa-with-SHA224
+ecdsa-with-Specified 2		: ecdsa-with-SHA256
+ecdsa-with-Specified 3		: ecdsa-with-SHA384
+ecdsa-with-Specified 4		: ecdsa-with-SHA512
 
 # SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters"
 # (http://www.secg.org/)