summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/libcrypto/rsa/rsa_ameth.c112
1 files changed, 59 insertions, 53 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_ameth.c b/src/lib/libcrypto/rsa/rsa_ameth.c
index 6fb4403231..43e66ce02a 100644
--- a/src/lib/libcrypto/rsa/rsa_ameth.c
+++ b/src/lib/libcrypto/rsa/rsa_ameth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_ameth.c,v 1.42 2023/11/07 22:35:03 tb Exp $ */ 1/* $OpenBSD: rsa_ameth.c,v 1.43 2023/11/08 16:02:41 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -909,6 +909,60 @@ rsa_alg_set_pss_padding(X509_ALGOR *alg, EVP_PKEY_CTX *pkey_ctx)
909 909
910#ifndef OPENSSL_NO_CMS 910#ifndef OPENSSL_NO_CMS
911static int 911static int
912rsa_alg_set_oaep_padding(X509_ALGOR *alg, EVP_PKEY_CTX *pkctx)
913{
914 const EVP_MD *md, *mgf1md;
915 RSA_OAEP_PARAMS *oaep = NULL;
916 ASN1_STRING *os = NULL;
917 int rv = 0, labellen;
918 unsigned char *label;
919
920 if (EVP_PKEY_CTX_get_rsa_oaep_md(pkctx, &md) <= 0)
921 goto err;
922 if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
923 goto err;
924 labellen = EVP_PKEY_CTX_get0_rsa_oaep_label(pkctx, &label);
925 if (labellen < 0)
926 goto err;
927
928 if ((oaep = RSA_OAEP_PARAMS_new()) == NULL)
929 goto err;
930
931 if (!rsa_md_to_algor(md, &oaep->hashFunc))
932 goto err;
933 if (!rsa_mgf1md_to_maskGenAlgorithm(mgf1md, &oaep->maskGenFunc))
934 goto err;
935
936 /* XXX - why do we not set oaep->maskHash here? */
937
938 if (labellen > 0) {
939 ASN1_OCTET_STRING *los;
940 oaep->pSourceFunc = X509_ALGOR_new();
941 if (oaep->pSourceFunc == NULL)
942 goto err;
943 los = ASN1_OCTET_STRING_new();
944 if (los == NULL)
945 goto err;
946 if (!ASN1_OCTET_STRING_set(los, label, labellen)) {
947 ASN1_OCTET_STRING_free(los);
948 goto err;
949 }
950 X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified),
951 V_ASN1_OCTET_STRING, los);
952 }
953 /* create string with pss parameter encoding. */
954 if (!ASN1_item_pack(oaep, &RSA_OAEP_PARAMS_it, &os))
955 goto err;
956 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os);
957 os = NULL;
958 rv = 1;
959 err:
960 RSA_OAEP_PARAMS_free(oaep);
961 ASN1_STRING_free(os);
962 return rv;
963}
964
965static int
912rsa_cms_sign(CMS_SignerInfo *si) 966rsa_cms_sign(CMS_SignerInfo *si)
913{ 967{
914 EVP_PKEY_CTX *pkey_ctx; 968 EVP_PKEY_CTX *pkey_ctx;
@@ -1057,13 +1111,9 @@ rsa_cms_decrypt(CMS_RecipientInfo *ri)
1057static int 1111static int
1058rsa_cms_encrypt(CMS_RecipientInfo *ri) 1112rsa_cms_encrypt(CMS_RecipientInfo *ri)
1059{ 1113{
1060 const EVP_MD *md, *mgf1md;
1061 RSA_OAEP_PARAMS *oaep = NULL;
1062 ASN1_STRING *os = NULL;
1063 X509_ALGOR *alg; 1114 X509_ALGOR *alg;
1064 EVP_PKEY_CTX *pkctx; 1115 EVP_PKEY_CTX *pkctx;
1065 int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen; 1116 int pad_mode = RSA_PKCS1_PADDING;
1066 unsigned char *label;
1067 1117
1068 if ((pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri)) != NULL) { 1118 if ((pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri)) != NULL) {
1069 if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) 1119 if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
@@ -1074,54 +1124,10 @@ rsa_cms_encrypt(CMS_RecipientInfo *ri)
1074 return 0; 1124 return 0;
1075 if (pad_mode == RSA_PKCS1_PADDING) 1125 if (pad_mode == RSA_PKCS1_PADDING)
1076 return rsa_alg_set_pkcs1_padding(alg); 1126 return rsa_alg_set_pkcs1_padding(alg);
1127 if (pad_mode == RSA_PKCS1_OAEP_PADDING)
1128 return rsa_alg_set_oaep_padding(alg, pkctx);
1077 1129
1078 /* Not supported */ 1130 return 0;
1079 if (pad_mode != RSA_PKCS1_OAEP_PADDING)
1080 return 0;
1081
1082 if (EVP_PKEY_CTX_get_rsa_oaep_md(pkctx, &md) <= 0)
1083 goto err;
1084 if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
1085 goto err;
1086 labellen = EVP_PKEY_CTX_get0_rsa_oaep_label(pkctx, &label);
1087 if (labellen < 0)
1088 goto err;
1089
1090 if ((oaep = RSA_OAEP_PARAMS_new()) == NULL)
1091 goto err;
1092
1093 if (!rsa_md_to_algor(md, &oaep->hashFunc))
1094 goto err;
1095 if (!rsa_mgf1md_to_maskGenAlgorithm(mgf1md, &oaep->maskGenFunc))
1096 goto err;
1097
1098 /* XXX - why do we not set oaep->maskHash here? */
1099
1100 if (labellen > 0) {
1101 ASN1_OCTET_STRING *los;
1102 oaep->pSourceFunc = X509_ALGOR_new();
1103 if (oaep->pSourceFunc == NULL)
1104 goto err;
1105 los = ASN1_OCTET_STRING_new();
1106 if (los == NULL)
1107 goto err;
1108 if (!ASN1_OCTET_STRING_set(los, label, labellen)) {
1109 ASN1_OCTET_STRING_free(los);
1110 goto err;
1111 }
1112 X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified),
1113 V_ASN1_OCTET_STRING, los);
1114 }
1115 /* create string with pss parameter encoding. */
1116 if (!ASN1_item_pack(oaep, &RSA_OAEP_PARAMS_it, &os))
1117 goto err;
1118 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os);
1119 os = NULL;
1120 rv = 1;
1121 err:
1122 RSA_OAEP_PARAMS_free(oaep);
1123 ASN1_STRING_free(os);
1124 return rv;
1125} 1131}
1126#endif 1132#endif
1127 1133
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 20:04:55 +0000