summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/rsa/rsa_ameth.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/rsa/rsa_ameth.c')
-rw-r--r--src/lib/libcrypto/rsa/rsa_ameth.c462
1 files changed, 217 insertions, 245 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_ameth.c b/src/lib/libcrypto/rsa/rsa_ameth.c
index 2e2194e8b3..8e15e3f535 100644
--- a/src/lib/libcrypto/rsa/rsa_ameth.c
+++ b/src/lib/libcrypto/rsa/rsa_ameth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_ameth.c,v 1.6 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: rsa_ameth.c,v 1.7 2014/07/09 08:20:08 miod Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -67,207 +67,213 @@
67#endif 67#endif
68#include "asn1_locl.h" 68#include "asn1_locl.h"
69 69
70static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) 70static int
71 { 71rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
72{
72 unsigned char *penc = NULL; 73 unsigned char *penc = NULL;
73 int penclen; 74 int penclen;
75
74 penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc); 76 penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
75 if (penclen <= 0) 77 if (penclen <= 0)
76 return 0; 78 return 0;
77 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA), 79 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA),
78 V_ASN1_NULL, NULL, penc, penclen)) 80 V_ASN1_NULL, NULL, penc, penclen))
79 return 1; 81 return 1;
80 82
81 free(penc); 83 free(penc);
82 return 0; 84 return 0;
83 } 85}
84 86
85static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) 87static int
86 { 88rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
89{
87 const unsigned char *p; 90 const unsigned char *p;
88 int pklen; 91 int pklen;
89 RSA *rsa = NULL; 92 RSA *rsa = NULL;
93
90 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey)) 94 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey))
91 return 0; 95 return 0;
92 if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) 96 if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) {
93 {
94 RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB); 97 RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB);
95 return 0; 98 return 0;
96 } 99 }
97 EVP_PKEY_assign_RSA (pkey, rsa); 100 EVP_PKEY_assign_RSA (pkey, rsa);
98 return 1; 101 return 1;
99 } 102}
100 103
101static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) 104static int
102 { 105rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
103 if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0 106{
104 || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0) 107 if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0 ||
105 return 0; 108 BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0)
109 return 0;
106 return 1; 110 return 1;
107 } 111}
108 112
109static int old_rsa_priv_decode(EVP_PKEY *pkey, 113static int
110 const unsigned char **pder, int derlen) 114old_rsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
111 { 115{
112 RSA *rsa; 116 RSA *rsa;
113 if (!(rsa = d2i_RSAPrivateKey (NULL, pder, derlen))) 117
114 { 118 if (!(rsa = d2i_RSAPrivateKey (NULL, pder, derlen))) {
115 RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB); 119 RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
116 return 0; 120 return 0;
117 } 121 }
118 EVP_PKEY_assign_RSA(pkey, rsa); 122 EVP_PKEY_assign_RSA(pkey, rsa);
119 return 1; 123 return 1;
120 } 124}
121 125
122static int old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) 126static int
123 { 127old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
128{
124 return i2d_RSAPrivateKey(pkey->pkey.rsa, pder); 129 return i2d_RSAPrivateKey(pkey->pkey.rsa, pder);
125 } 130}
126 131
127static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) 132static int
128 { 133rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
134{
129 unsigned char *rk = NULL; 135 unsigned char *rk = NULL;
130 int rklen; 136 int rklen;
137
131 rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk); 138 rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
132 139
133 if (rklen <= 0) 140 if (rklen <= 0) {
134 { 141 RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
135 RSAerr(RSA_F_RSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
136 return 0; 142 return 0;
137 } 143 }
138 144
139 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0, 145 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0,
140 V_ASN1_NULL, NULL, rk, rklen)) 146 V_ASN1_NULL, NULL, rk, rklen)) {
141 { 147 RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
142 RSAerr(RSA_F_RSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
143 return 0; 148 return 0;
144 } 149 }
145 150
146 return 1; 151 return 1;
147 } 152}
148 153
149static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) 154static int
150 { 155rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
156{
151 const unsigned char *p; 157 const unsigned char *p;
152 int pklen; 158 int pklen;
159
153 if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8)) 160 if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8))
154 return 0; 161 return 0;
155 return old_rsa_priv_decode(pkey, &p, pklen); 162 return old_rsa_priv_decode(pkey, &p, pklen);
156 } 163}
157 164
158static int int_rsa_size(const EVP_PKEY *pkey) 165static int
159 { 166int_rsa_size(const EVP_PKEY *pkey)
167{
160 return RSA_size(pkey->pkey.rsa); 168 return RSA_size(pkey->pkey.rsa);
161 } 169}
162 170
163static int rsa_bits(const EVP_PKEY *pkey) 171static int
164 { 172rsa_bits(const EVP_PKEY *pkey)
173{
165 return BN_num_bits(pkey->pkey.rsa->n); 174 return BN_num_bits(pkey->pkey.rsa->n);
166 } 175}
167 176
168static void int_rsa_free(EVP_PKEY *pkey) 177static void
169 { 178int_rsa_free(EVP_PKEY *pkey)
179{
170 RSA_free(pkey->pkey.rsa); 180 RSA_free(pkey->pkey.rsa);
171 } 181}
172
173 182
174static void update_buflen(const BIGNUM *b, size_t *pbuflen) 183static void
175 { 184update_buflen(const BIGNUM *b, size_t *pbuflen)
185{
176 size_t i; 186 size_t i;
187
177 if (!b) 188 if (!b)
178 return; 189 return;
179 if (*pbuflen < (i = (size_t)BN_num_bytes(b))) 190 if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
180 *pbuflen = i; 191 *pbuflen = i;
181 } 192}
182 193
183static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv) 194static int
184 { 195do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
196{
185 char *str; 197 char *str;
186 const char *s; 198 const char *s;
187 unsigned char *m=NULL; 199 unsigned char *m = NULL;
188 int ret=0, mod_len = 0; 200 int ret = 0, mod_len = 0;
189 size_t buf_len=0; 201 size_t buf_len = 0;
190 202
191 update_buflen(x->n, &buf_len); 203 update_buflen(x->n, &buf_len);
192 update_buflen(x->e, &buf_len); 204 update_buflen(x->e, &buf_len);
193 205
194 if (priv) 206 if (priv) {
195 {
196 update_buflen(x->d, &buf_len); 207 update_buflen(x->d, &buf_len);
197 update_buflen(x->p, &buf_len); 208 update_buflen(x->p, &buf_len);
198 update_buflen(x->q, &buf_len); 209 update_buflen(x->q, &buf_len);
199 update_buflen(x->dmp1, &buf_len); 210 update_buflen(x->dmp1, &buf_len);
200 update_buflen(x->dmq1, &buf_len); 211 update_buflen(x->dmq1, &buf_len);
201 update_buflen(x->iqmp, &buf_len); 212 update_buflen(x->iqmp, &buf_len);
202 } 213 }
203 214
204 m = malloc(buf_len+10); 215 m = malloc(buf_len + 10);
205 if (m == NULL) 216 if (m == NULL) {
206 { 217 RSAerr(RSA_F_DO_RSA_PRINT, ERR_R_MALLOC_FAILURE);
207 RSAerr(RSA_F_DO_RSA_PRINT,ERR_R_MALLOC_FAILURE);
208 goto err; 218 goto err;
209 } 219 }
210 220
211 if (x->n != NULL) 221 if (x->n != NULL)
212 mod_len = BN_num_bits(x->n); 222 mod_len = BN_num_bits(x->n);
213 223
214 if(!BIO_indent(bp,off,128)) 224 if (!BIO_indent(bp, off, 128))
215 goto err; 225 goto err;
216 226
217 if (priv && x->d) 227 if (priv && x->d) {
218 { 228 if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0)
219 if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len) 229 goto err;
220 <= 0) goto err;
221 str = "modulus:"; 230 str = "modulus:";
222 s = "publicExponent:"; 231 s = "publicExponent:";
223 } 232 } else {
224 else 233 if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
225 { 234 goto err;
226 if (BIO_printf(bp,"Public-Key: (%d bit)\n", mod_len)
227 <= 0) goto err;
228 str = "Modulus:"; 235 str = "Modulus:";
229 s= "Exponent:"; 236 s= "Exponent:";
230 } 237 }
231 if (!ASN1_bn_print(bp,str,x->n,m,off)) goto err; 238 if (!ASN1_bn_print(bp, str, x->n, m, off))
232 if (!ASN1_bn_print(bp,s,x->e,m,off))
233 goto err; 239 goto err;
234 if (priv) 240 if (!ASN1_bn_print(bp, s, x->e, m, off))
235 { 241 goto err;
236 if (!ASN1_bn_print(bp,"privateExponent:",x->d,m,off)) 242 if (priv) {
243 if (!ASN1_bn_print(bp, "privateExponent:", x->d,m, off))
237 goto err; 244 goto err;
238 if (!ASN1_bn_print(bp,"prime1:",x->p,m,off)) 245 if (!ASN1_bn_print(bp, "prime1:", x->p, m, off))
239 goto err; 246 goto err;
240 if (!ASN1_bn_print(bp,"prime2:",x->q,m,off)) 247 if (!ASN1_bn_print(bp, "prime2:", x->q, m, off))
241 goto err; 248 goto err;
242 if (!ASN1_bn_print(bp,"exponent1:",x->dmp1,m,off)) 249 if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off))
243 goto err; 250 goto err;
244 if (!ASN1_bn_print(bp,"exponent2:",x->dmq1,m,off)) 251 if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off))
245 goto err; 252 goto err;
246 if (!ASN1_bn_print(bp,"coefficient:",x->iqmp,m,off)) 253 if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off))
247 goto err; 254 goto err;
248 } 255 }
249 ret=1; 256 ret = 1;
250err: 257err:
251 free(m); 258 free(m);
252 return(ret); 259 return(ret);
253 } 260}
254 261
255static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, 262static int
256 ASN1_PCTX *ctx) 263rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
257 { 264{
258 return do_rsa_print(bp, pkey->pkey.rsa, indent, 0); 265 return do_rsa_print(bp, pkey->pkey.rsa, indent, 0);
259 } 266}
260
261 267
262static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, 268static int
263 ASN1_PCTX *ctx) 269rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
264 { 270{
265 return do_rsa_print(bp, pkey->pkey.rsa, indent, 1); 271 return do_rsa_print(bp, pkey->pkey.rsa, indent, 1);
266 } 272}
267 273
268static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg, 274static RSA_PSS_PARAMS *
269 X509_ALGOR **pmaskHash) 275rsa_pss_decode(const X509_ALGOR *alg, X509_ALGOR **pmaskHash)
270 { 276{
271 const unsigned char *p; 277 const unsigned char *p;
272 int plen; 278 int plen;
273 RSA_PSS_PARAMS *pss; 279 RSA_PSS_PARAMS *pss;
@@ -283,31 +289,30 @@ static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg,
283 if (!pss) 289 if (!pss)
284 return NULL; 290 return NULL;
285 291
286 if (pss->maskGenAlgorithm) 292 if (pss->maskGenAlgorithm) {
287 {
288 ASN1_TYPE *param = pss->maskGenAlgorithm->parameter; 293 ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
289 if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 294 if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 &&
290 && param->type == V_ASN1_SEQUENCE) 295 param->type == V_ASN1_SEQUENCE) {
291 {
292 p = param->value.sequence->data; 296 p = param->value.sequence->data;
293 plen = param->value.sequence->length; 297 plen = param->value.sequence->length;
294 *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen); 298 *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);
295 }
296 } 299 }
300 }
297 301
298 return pss; 302 return pss;
299 } 303}
300 304
301static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, 305static int
302 X509_ALGOR *maskHash, int indent) 306rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, X509_ALGOR *maskHash,
303 { 307 int indent)
308{
304 int rv = 0; 309 int rv = 0;
305 if (!pss) 310
306 { 311 if (!pss) {
307 if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0) 312 if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0)
308 return 0; 313 return 0;
309 return 1; 314 return 1;
310 } 315 }
311 if (BIO_puts(bp, "\n") <= 0) 316 if (BIO_puts(bp, "\n") <= 0)
312 goto err; 317 goto err;
313 if (!BIO_indent(bp, indent, 128)) 318 if (!BIO_indent(bp, indent, 128))
@@ -315,12 +320,10 @@ static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss,
315 if (BIO_puts(bp, "Hash Algorithm: ") <= 0) 320 if (BIO_puts(bp, "Hash Algorithm: ") <= 0)
316 goto err; 321 goto err;
317 322
318 if (pss->hashAlgorithm) 323 if (pss->hashAlgorithm) {
319 {
320 if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0) 324 if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0)
321 goto err; 325 goto err;
322 } 326 } else if (BIO_puts(bp, "sha1 (default)") <= 0)
323 else if (BIO_puts(bp, "sha1 (default)") <= 0)
324 goto err; 327 goto err;
325 328
326 if (BIO_puts(bp, "\n") <= 0) 329 if (BIO_puts(bp, "\n") <= 0)
@@ -330,22 +333,18 @@ static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss,
330 goto err; 333 goto err;
331 334
332 if (BIO_puts(bp, "Mask Algorithm: ") <= 0) 335 if (BIO_puts(bp, "Mask Algorithm: ") <= 0)
333 goto err; 336 goto err;
334 if (pss->maskGenAlgorithm) 337 if (pss->maskGenAlgorithm) {
335 {
336 if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0) 338 if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0)
337 goto err; 339 goto err;
338 if (BIO_puts(bp, " with ") <= 0) 340 if (BIO_puts(bp, " with ") <= 0)
339 goto err; 341 goto err;
340 if (maskHash) 342 if (maskHash) {
341 {
342 if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0) 343 if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0)
344 goto err;
345 } else if (BIO_puts(bp, "INVALID") <= 0)
343 goto err; 346 goto err;
344 } 347 } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0)
345 else if (BIO_puts(bp, "INVALID") <= 0)
346 goto err;
347 }
348 else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0)
349 goto err; 348 goto err;
350 BIO_puts(bp, "\n"); 349 BIO_puts(bp, "\n");
351 350
@@ -353,41 +352,35 @@ static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss,
353 goto err; 352 goto err;
354 if (BIO_puts(bp, "Salt Length: 0x") <= 0) 353 if (BIO_puts(bp, "Salt Length: 0x") <= 0)
355 goto err; 354 goto err;
356 if (pss->saltLength) 355 if (pss->saltLength) {
357 {
358 if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0) 356 if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
359 goto err; 357 goto err;
360 } 358 } else if (BIO_puts(bp, "0x14 (default)") <= 0)
361 else if (BIO_puts(bp, "0x14 (default)") <= 0)
362 goto err; 359 goto err;
363 BIO_puts(bp, "\n"); 360 BIO_puts(bp, "\n");
364 361
365 if (!BIO_indent(bp, indent, 128)) 362 if (!BIO_indent(bp, indent, 128))
366 goto err; 363 goto err;
367 if (BIO_puts(bp, "Trailer Field: 0x") <= 0) 364 if (BIO_puts(bp, "Trailer Field: 0x") <= 0)
368 goto err; 365 goto err;
369 if (pss->trailerField) 366 if (pss->trailerField) {
370 {
371 if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0) 367 if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
372 goto err; 368 goto err;
373 } 369 } else if (BIO_puts(bp, "BC (default)") <= 0)
374 else if (BIO_puts(bp, "BC (default)") <= 0)
375 goto err; 370 goto err;
376 BIO_puts(bp, "\n"); 371 BIO_puts(bp, "\n");
377 372
378 rv = 1; 373 rv = 1;
379 374
380 err: 375err:
381 return rv; 376 return rv;
377}
382 378
383 } 379static int
384 380rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig,
385static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, 381 int indent, ASN1_PCTX *pctx)
386 const ASN1_STRING *sig, 382{
387 int indent, ASN1_PCTX *pctx) 383 if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) {
388 {
389 if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss)
390 {
391 int rv; 384 int rv;
392 RSA_PSS_PARAMS *pss; 385 RSA_PSS_PARAMS *pss;
393 X509_ALGOR *maskHash; 386 X509_ALGOR *maskHash;
@@ -399,147 +392,132 @@ static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
399 X509_ALGOR_free(maskHash); 392 X509_ALGOR_free(maskHash);
400 if (!rv) 393 if (!rv)
401 return 0; 394 return 0;
402 } 395 } else if (!sig && BIO_puts(bp, "\n") <= 0)
403 else if (!sig && BIO_puts(bp, "\n") <= 0)
404 return 0; 396 return 0;
405 if (sig) 397 if (sig)
406 return X509_signature_dump(bp, sig, indent); 398 return X509_signature_dump(bp, sig, indent);
407 return 1; 399 return 1;
408 } 400}
409 401
410static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) 402static int
411 { 403rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
404{
412 X509_ALGOR *alg = NULL; 405 X509_ALGOR *alg = NULL;
413 switch (op) 406 switch (op) {
414 { 407 case ASN1_PKEY_CTRL_PKCS7_SIGN:
415
416 case ASN1_PKEY_CTRL_PKCS7_SIGN:
417 if (arg1 == 0) 408 if (arg1 == 0)
418 PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg); 409 PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg);
419 break; 410 break;
420 411
421 case ASN1_PKEY_CTRL_PKCS7_ENCRYPT: 412 case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
422 if (arg1 == 0) 413 if (arg1 == 0)
423 PKCS7_RECIP_INFO_get0_alg(arg2, &alg); 414 PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
424 break; 415 break;
425#ifndef OPENSSL_NO_CMS 416#ifndef OPENSSL_NO_CMS
426 case ASN1_PKEY_CTRL_CMS_SIGN: 417 case ASN1_PKEY_CTRL_CMS_SIGN:
427 if (arg1 == 0) 418 if (arg1 == 0)
428 CMS_SignerInfo_get0_algs(arg2, NULL, NULL, NULL, &alg); 419 CMS_SignerInfo_get0_algs(arg2, NULL, NULL, NULL, &alg);
429 break; 420 break;
430 421
431 case ASN1_PKEY_CTRL_CMS_ENVELOPE: 422 case ASN1_PKEY_CTRL_CMS_ENVELOPE:
432 if (arg1 == 0) 423 if (arg1 == 0)
433 CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg); 424 CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg);
434 break; 425 break;
435#endif 426#endif
436 427
437 case ASN1_PKEY_CTRL_DEFAULT_MD_NID: 428 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
438 *(int *)arg2 = NID_sha1; 429 *(int *)arg2 = NID_sha1;
439 return 1; 430 return 1;
440 431
441 default: 432 default:
442 return -2; 433 return -2;
443 434 }
444 }
445 435
446 if (alg) 436 if (alg)
447 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), 437 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption),
448 V_ASN1_NULL, 0); 438 V_ASN1_NULL, 0);
449 439
450 return 1; 440 return 1;
451 441}
452 }
453 442
454/* Customised RSA item verification routine. This is called 443/* Customised RSA item verification routine. This is called
455 * when a signature is encountered requiring special handling. We 444 * when a signature is encountered requiring special handling. We
456 * currently only handle PSS. 445 * currently only handle PSS.
457 */ 446 */
458 447static int
459 448rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
460static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, 449 X509_ALGOR *sigalg, ASN1_BIT_STRING *sig, EVP_PKEY *pkey)
461 X509_ALGOR *sigalg, ASN1_BIT_STRING *sig, 450{
462 EVP_PKEY *pkey)
463 {
464 int rv = -1; 451 int rv = -1;
465 int saltlen; 452 int saltlen;
466 const EVP_MD *mgf1md = NULL, *md = NULL; 453 const EVP_MD *mgf1md = NULL, *md = NULL;
467 RSA_PSS_PARAMS *pss; 454 RSA_PSS_PARAMS *pss;
468 X509_ALGOR *maskHash; 455 X509_ALGOR *maskHash;
469 EVP_PKEY_CTX *pkctx; 456 EVP_PKEY_CTX *pkctx;
457
470 /* Sanity check: make sure it is PSS */ 458 /* Sanity check: make sure it is PSS */
471 if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) 459 if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {
472 {
473 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE); 460 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
474 return -1; 461 return -1;
475 } 462 }
476 /* Decode PSS parameters */ 463 /* Decode PSS parameters */
477 pss = rsa_pss_decode(sigalg, &maskHash); 464 pss = rsa_pss_decode(sigalg, &maskHash);
478 465
479 if (pss == NULL) 466 if (pss == NULL) {
480 {
481 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_PSS_PARAMETERS); 467 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_PSS_PARAMETERS);
482 goto err; 468 goto err;
483 } 469 }
484 /* Check mask and lookup mask hash algorithm */ 470 /* Check mask and lookup mask hash algorithm */
485 if (pss->maskGenAlgorithm) 471 if (pss->maskGenAlgorithm) {
486 { 472 if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) != NID_mgf1) {
487 if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) != NID_mgf1) 473 RSAerr(RSA_F_RSA_ITEM_VERIFY,
488 { 474 RSA_R_UNSUPPORTED_MASK_ALGORITHM);
489 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_MASK_ALGORITHM);
490 goto err; 475 goto err;
491 } 476 }
492 if (!maskHash) 477 if (!maskHash) {
493 { 478 RSAerr(RSA_F_RSA_ITEM_VERIFY,
494 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_MASK_PARAMETER); 479 RSA_R_UNSUPPORTED_MASK_PARAMETER);
495 goto err; 480 goto err;
496 } 481 }
497 mgf1md = EVP_get_digestbyobj(maskHash->algorithm); 482 mgf1md = EVP_get_digestbyobj(maskHash->algorithm);
498 if (mgf1md == NULL) 483 if (mgf1md == NULL) {
499 { 484 RSAerr(RSA_F_RSA_ITEM_VERIFY,
500 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNKNOWN_MASK_DIGEST); 485 RSA_R_UNKNOWN_MASK_DIGEST);
501 goto err; 486 goto err;
502 }
503 } 487 }
504 else 488 } else
505 mgf1md = EVP_sha1(); 489 mgf1md = EVP_sha1();
506 490
507 if (pss->hashAlgorithm) 491 if (pss->hashAlgorithm) {
508 {
509 md = EVP_get_digestbyobj(pss->hashAlgorithm->algorithm); 492 md = EVP_get_digestbyobj(pss->hashAlgorithm->algorithm);
510 if (md == NULL) 493 if (md == NULL) {
511 {
512 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNKNOWN_PSS_DIGEST); 494 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNKNOWN_PSS_DIGEST);
513 goto err; 495 goto err;
514 }
515 } 496 }
516 else 497 } else
517 md = EVP_sha1(); 498 md = EVP_sha1();
518 499
519 if (pss->saltLength) 500 if (pss->saltLength) {
520 {
521 saltlen = ASN1_INTEGER_get(pss->saltLength); 501 saltlen = ASN1_INTEGER_get(pss->saltLength);
522 502
523 /* Could perform more salt length sanity checks but the main 503 /* Could perform more salt length sanity checks but the main
524 * RSA routines will trap other invalid values anyway. 504 * RSA routines will trap other invalid values anyway.
525 */ 505 */
526 if (saltlen < 0) 506 if (saltlen < 0) {
527 { 507 RSAerr(RSA_F_RSA_ITEM_VERIFY,
528 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_SALT_LENGTH); 508 RSA_R_INVALID_SALT_LENGTH);
529 goto err; 509 goto err;
530 }
531 } 510 }
532 else 511 } else
533 saltlen = 20; 512 saltlen = 20;
534 513
535 /* low-level routines support only trailer field 0xbc (value 1) 514 /* low-level routines support only trailer field 0xbc (value 1)
536 * and PKCS#1 says we should reject any other value anyway. 515 * and PKCS#1 says we should reject any other value anyway.
537 */ 516 */
538 if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) 517 if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
539 {
540 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_TRAILER); 518 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_TRAILER);
541 goto err; 519 goto err;
542 } 520 }
543 521
544 /* We have all parameters now set up context */ 522 /* We have all parameters now set up context */
545 523
@@ -557,31 +535,32 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
557 /* Carry on */ 535 /* Carry on */
558 rv = 2; 536 rv = 2;
559 537
560 err: 538err:
561 RSA_PSS_PARAMS_free(pss); 539 RSA_PSS_PARAMS_free(pss);
562 if (maskHash) 540 if (maskHash)
563 X509_ALGOR_free(maskHash); 541 X509_ALGOR_free(maskHash);
564 return rv; 542 return rv;
565 } 543}
566 544
567static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, 545static int
568 X509_ALGOR *alg1, X509_ALGOR *alg2, 546rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
569 ASN1_BIT_STRING *sig) 547 X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig)
570 { 548{
571 int pad_mode; 549 int pad_mode;
572 EVP_PKEY_CTX *pkctx = ctx->pctx; 550 EVP_PKEY_CTX *pkctx = ctx->pctx;
551
573 if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) 552 if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
574 return 0; 553 return 0;
575 if (pad_mode == RSA_PKCS1_PADDING) 554 if (pad_mode == RSA_PKCS1_PADDING)
576 return 2; 555 return 2;
577 if (pad_mode == RSA_PKCS1_PSS_PADDING) 556 if (pad_mode == RSA_PKCS1_PSS_PADDING) {
578 {
579 const EVP_MD *sigmd, *mgf1md; 557 const EVP_MD *sigmd, *mgf1md;
580 RSA_PSS_PARAMS *pss = NULL; 558 RSA_PSS_PARAMS *pss = NULL;
581 X509_ALGOR *mgf1alg = NULL; 559 X509_ALGOR *mgf1alg = NULL;
582 ASN1_STRING *os1 = NULL, *os2 = NULL; 560 ASN1_STRING *os1 = NULL, *os2 = NULL;
583 EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx); 561 EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
584 int saltlen, rv = 0; 562 int saltlen, rv = 0;
563
585 sigmd = EVP_MD_CTX_md(ctx); 564 sigmd = EVP_MD_CTX_md(ctx);
586 if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0) 565 if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
587 goto err; 566 goto err;
@@ -589,62 +568,56 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
589 goto err; 568 goto err;
590 if (saltlen == -1) 569 if (saltlen == -1)
591 saltlen = EVP_MD_size(sigmd); 570 saltlen = EVP_MD_size(sigmd);
592 else if (saltlen == -2) 571 else if (saltlen == -2) {
593 {
594 saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2; 572 saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
595 if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0) 573 if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0)
596 saltlen--; 574 saltlen--;
597 } 575 }
598 pss = RSA_PSS_PARAMS_new(); 576 pss = RSA_PSS_PARAMS_new();
599 if (!pss) 577 if (!pss)
600 goto err; 578 goto err;
601 if (saltlen != 20) 579 if (saltlen != 20) {
602 {
603 pss->saltLength = ASN1_INTEGER_new(); 580 pss->saltLength = ASN1_INTEGER_new();
604 if (!pss->saltLength) 581 if (!pss->saltLength)
605 goto err; 582 goto err;
606 if (!ASN1_INTEGER_set(pss->saltLength, saltlen)) 583 if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
607 goto err; 584 goto err;
608 } 585 }
609 if (EVP_MD_type(sigmd) != NID_sha1) 586 if (EVP_MD_type(sigmd) != NID_sha1) {
610 {
611 pss->hashAlgorithm = X509_ALGOR_new(); 587 pss->hashAlgorithm = X509_ALGOR_new();
612 if (!pss->hashAlgorithm) 588 if (!pss->hashAlgorithm)
613 goto err; 589 goto err;
614 X509_ALGOR_set_md(pss->hashAlgorithm, sigmd); 590 X509_ALGOR_set_md(pss->hashAlgorithm, sigmd);
615 } 591 }
616 if (EVP_MD_type(mgf1md) != NID_sha1) 592 if (EVP_MD_type(mgf1md) != NID_sha1) {
617 {
618 ASN1_STRING *stmp = NULL; 593 ASN1_STRING *stmp = NULL;
619 /* need to embed algorithm ID inside another */ 594 /* need to embed algorithm ID inside another */
620 mgf1alg = X509_ALGOR_new(); 595 mgf1alg = X509_ALGOR_new();
621 X509_ALGOR_set_md(mgf1alg, mgf1md); 596 X509_ALGOR_set_md(mgf1alg, mgf1md);
622 if (!ASN1_item_pack(mgf1alg, ASN1_ITEM_rptr(X509_ALGOR), 597 if (!ASN1_item_pack(mgf1alg, ASN1_ITEM_rptr(X509_ALGOR),
623 &stmp)) 598 &stmp))
624 goto err; 599 goto err;
625 pss->maskGenAlgorithm = X509_ALGOR_new(); 600 pss->maskGenAlgorithm = X509_ALGOR_new();
626 if (!pss->maskGenAlgorithm) 601 if (!pss->maskGenAlgorithm)
627 goto err; 602 goto err;
628 X509_ALGOR_set0(pss->maskGenAlgorithm, 603 X509_ALGOR_set0(pss->maskGenAlgorithm,
629 OBJ_nid2obj(NID_mgf1), 604 OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp);
630 V_ASN1_SEQUENCE, stmp); 605 }
631 }
632 /* Finally create string with pss parameter encoding. */ 606 /* Finally create string with pss parameter encoding. */
633 if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os1)) 607 if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os1))
634 goto err; 608 goto err;
635 if (alg2) 609 if (alg2) {
636 {
637 os2 = ASN1_STRING_dup(os1); 610 os2 = ASN1_STRING_dup(os1);
638 if (!os2) 611 if (!os2)
639 goto err; 612 goto err;
640 X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss), 613 X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss),
641 V_ASN1_SEQUENCE, os2); 614 V_ASN1_SEQUENCE, os2);
642 } 615 }
643 X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss), 616 X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss),
644 V_ASN1_SEQUENCE, os1); 617 V_ASN1_SEQUENCE, os1);
645 os1 = os2 = NULL; 618 os1 = os2 = NULL;
646 rv = 3; 619 rv = 3;
647 err: 620err:
648 if (mgf1alg) 621 if (mgf1alg)
649 X509_ALGOR_free(mgf1alg); 622 X509_ALGOR_free(mgf1alg);
650 if (pss) 623 if (pss)
@@ -652,10 +625,9 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
652 if (os1) 625 if (os1)
653 ASN1_STRING_free(os1); 626 ASN1_STRING_free(os1);
654 return rv; 627 return rv;
655
656 }
657 return 2;
658 } 628 }
629 return 2;
630}
659 631
660const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { 632const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
661 { 633 {
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-05 06:54:32 +0000