diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libcrypto/rsa/rsa_ameth.c | 120 |
1 files changed, 119 insertions, 1 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_ameth.c b/src/lib/libcrypto/rsa/rsa_ameth.c index ce3e9b3509..f71cee8ec1 100644 --- a/src/lib/libcrypto/rsa/rsa_ameth.c +++ b/src/lib/libcrypto/rsa/rsa_ameth.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: rsa_ameth.c,v 1.19 2018/08/24 20:22:15 tb Exp $ */ | 1 | /* $OpenBSD: rsa_ameth.c,v 1.20 2019/10/31 13:56:29 jsing Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2006. | 3 | * project 2006. |
| 4 | */ | 4 | */ |
| @@ -433,6 +433,124 @@ rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) | |||
| 433 | return 1; | 433 | return 1; |
| 434 | } | 434 | } |
| 435 | 435 | ||
| 436 | /* Allocate and set algorithm ID from EVP_MD, defaults to SHA1. */ | ||
| 437 | static int | ||
| 438 | rsa_md_to_algor(X509_ALGOR **palg, const EVP_MD *md) | ||
| 439 | { | ||
| 440 | if (md == NULL || EVP_MD_type(md) == NID_sha1) | ||
| 441 | return 1; | ||
| 442 | *palg = X509_ALGOR_new(); | ||
| 443 | if (*palg == NULL) | ||
| 444 | return 0; | ||
| 445 | X509_ALGOR_set_md(*palg, md); | ||
| 446 | return 1; | ||
| 447 | } | ||
| 448 | |||
| 449 | /* Allocate and set MGF1 algorithm ID from EVP_MD. */ | ||
| 450 | static int | ||
| 451 | rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md) | ||
| 452 | { | ||
| 453 | X509_ALGOR *algtmp = NULL; | ||
| 454 | ASN1_STRING *stmp = NULL; | ||
| 455 | |||
| 456 | *palg = NULL; | ||
| 457 | if (mgf1md == NULL || EVP_MD_type(mgf1md) == NID_sha1) | ||
| 458 | return 1; | ||
| 459 | /* need to embed algorithm ID inside another */ | ||
| 460 | if (!rsa_md_to_algor(&algtmp, mgf1md)) | ||
| 461 | goto err; | ||
| 462 | if (ASN1_item_pack(algtmp, &X509_ALGOR_it, &stmp) == NULL) | ||
| 463 | goto err; | ||
| 464 | *palg = X509_ALGOR_new(); | ||
| 465 | if (*palg == NULL) | ||
| 466 | goto err; | ||
| 467 | X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp); | ||
| 468 | stmp = NULL; | ||
| 469 | err: | ||
| 470 | ASN1_STRING_free(stmp); | ||
| 471 | X509_ALGOR_free(algtmp); | ||
| 472 | if (*palg) | ||
| 473 | return 1; | ||
| 474 | return 0; | ||
| 475 | } | ||
| 476 | |||
| 477 | /* Convert algorithm ID to EVP_MD, defaults to SHA1. */ | ||
| 478 | static const EVP_MD * | ||
| 479 | rsa_algor_to_md(X509_ALGOR *alg) | ||
| 480 | { | ||
| 481 | const EVP_MD *md; | ||
| 482 | |||
| 483 | if (!alg) | ||
| 484 | return EVP_sha1(); | ||
| 485 | md = EVP_get_digestbyobj(alg->algorithm); | ||
| 486 | if (md == NULL) | ||
| 487 | RSAerror(RSA_R_UNKNOWN_DIGEST); | ||
| 488 | return md; | ||
| 489 | } | ||
| 490 | |||
| 491 | /* convert algorithm ID to EVP_MD, default SHA1 */ | ||
| 492 | RSA_PSS_PARAMS * | ||
| 493 | rsa_pss_params_create(const EVP_MD *sigmd, const EVP_MD *mgf1md, int saltlen) | ||
| 494 | { | ||
| 495 | RSA_PSS_PARAMS *pss = RSA_PSS_PARAMS_new(); | ||
| 496 | |||
| 497 | if (pss == NULL) | ||
| 498 | goto err; | ||
| 499 | if (saltlen != 20) { | ||
| 500 | pss->saltLength = ASN1_INTEGER_new(); | ||
| 501 | if (pss->saltLength == NULL) | ||
| 502 | goto err; | ||
| 503 | if (!ASN1_INTEGER_set(pss->saltLength, saltlen)) | ||
| 504 | goto err; | ||
| 505 | } | ||
| 506 | if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd)) | ||
| 507 | goto err; | ||
| 508 | if (mgf1md == NULL) | ||
| 509 | mgf1md = sigmd; | ||
| 510 | if (!rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md)) | ||
| 511 | goto err; | ||
| 512 | if (!rsa_md_to_algor(&pss->maskHash, mgf1md)) | ||
| 513 | goto err; | ||
| 514 | return pss; | ||
| 515 | err: | ||
| 516 | RSA_PSS_PARAMS_free(pss); | ||
| 517 | return NULL; | ||
| 518 | } | ||
| 519 | |||
| 520 | int | ||
| 521 | rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd, | ||
| 522 | const EVP_MD **pmgf1md, int *psaltlen) | ||
| 523 | { | ||
| 524 | if (pss == NULL) | ||
| 525 | return 0; | ||
| 526 | *pmd = rsa_algor_to_md(pss->hashAlgorithm); | ||
| 527 | if (*pmd == NULL) | ||
| 528 | return 0; | ||
| 529 | *pmgf1md = rsa_algor_to_md(pss->maskHash); | ||
| 530 | if (*pmgf1md == NULL) | ||
| 531 | return 0; | ||
| 532 | if (pss->saltLength) { | ||
| 533 | *psaltlen = ASN1_INTEGER_get(pss->saltLength); | ||
| 534 | if (*psaltlen < 0) { | ||
| 535 | RSAerror(RSA_R_INVALID_SALT_LENGTH); | ||
| 536 | return 0; | ||
| 537 | } | ||
| 538 | } else { | ||
| 539 | *psaltlen = 20; | ||
| 540 | } | ||
| 541 | |||
| 542 | /* | ||
| 543 | * low-level routines support only trailer field 0xbc (value 1) and | ||
| 544 | * PKCS#1 says we should reject any other value anyway. | ||
| 545 | */ | ||
| 546 | if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) { | ||
| 547 | RSAerror(RSA_R_INVALID_TRAILER); | ||
| 548 | return 0; | ||
| 549 | } | ||
| 550 | |||
| 551 | return 1; | ||
| 552 | } | ||
| 553 | |||
| 436 | /* Customised RSA item verification routine. This is called | 554 | /* Customised RSA item verification routine. This is called |
| 437 | * when a signature is encountered requiring special handling. We | 555 | * when a signature is encountered requiring special handling. We |
| 438 | * currently only handle PSS. | 556 | * currently only handle PSS. |