summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/rsa/rsa_ameth.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* sort includestb2024-11-021-2/+2
|
* Only include cryptlib.h where it's neededtb2024-11-011-3/+9
| | | | Clean up the other includes while there.
* Remove the pkey_{,public_,param_}check() handlerstb2024-08-291-11/+1
| | | | | | | | This disables the EVP_PKEY_*check() API and makes it fail (more precisely indicate lack of support) on all key types. This is an intermediate step to full removal. Removal is ok beck jsing
* Implement X509_get_signature_info()tb2024-08-281-1/+55
| | | | | | | | | | | | | | | | This is a slightly strange combination of OBJ_find_sigid_algs() and the security level API necessary because OBJ_find_sigid_algs() on its own isn't smart enough for the special needs of RSA-PSS and EdDSA. The API extracts the hash's NID and the pubkey's NID from the certificate's signatureAlgorithm and invokes special handlers for RSA-PSS and EdDSA for retrieving the corresponding information. This isn't entirely free for RSA-PSS, but for now we don't cache this information. The security bits calculation is a bit hand-wavy, but that's something that comes along with this sort of numerology. ok jsing
* Annotate RSA-PSS SHA parameter encoding as wrongtb2024-03-171-1/+9
| | | | | | | | | | | | | | A historic blunderfest in the ASN.1 module for RSA-PSS led to very confusing text in various RFCs. davidben and my current reading of this is that parameters for SHA-* should be encoded as an ASN.1 NULL rather than omitted. The use of X509_ALGOR_set_evp_md() leads to them being omitted, and is therefore counter to the specification (but allowed. We should fix this. For now, leave a reminder. See https://boringssl-review.googlesource.com/c/boringssl/+/67088 for a lot more details. ok davidben
* Inline rsa_is_pss() and rsa_pkey_is_pss()tb2024-01-101-11/+9
| | | | | | It's more explicit and not that much longer. ok jsing
* Replace .pkey_base_id with a .base_method pointertb2024-01-041-4/+4
| | | | | | | | | | | | | | | | Every EVP_PKEY_ASN1_METHOD is either an ASN.1 method or an alias. As such it resolves to an underlying ASN.1 method (in one step). This information can be stored in a base_method pointer in allusion to the pkey_base_id, which is the name for the nid (aka pkey_id aka type) of the underlying method. For an ASN.1 method, the base method is itself, so the base method is set as a pointer to itself. For an alias it is of course a pointer to the underlying method. Then obviously ameth->pkey_base_id is the same as ameth->base_method->pkey_id, so rework all ASN.1 methods to follow that. ok jsing
* Split ameth arrays into individual methodstb2024-01-041-33/+31
| | | | | | | | | | | | For some reason DSA, GOST, and RSA had their ASN.1 methods stored in an array. This is clumsy and the only benefit is that one saves a few externs in p_lib.c. They were also arranged by ascending NID because of bsearch() madness. Split them up and arrange the methods by name, which is much saner and simpler. ok jsing
* pkey_is_pss() and pkey_ctx_is_pss() to rsa_ameth.ctb2024-01-011-1/+5
| | | | | These aren't particularly helpful and should probably both be expanded. For now move them to the only place where they are actually used.
* Rework rsa_priv_decode()tb2023-12-281-14/+17
| | | | | | | Turn the function into single exit and error check EVP_PKEY_assign() for style. ok jsing
* Clean up old_rsa_priv_decode()tb2023-12-281-4/+13
| | | | | | | Again change this function into the single exit idiom, and error check EVP_PKEY_assign(). ok jsing
* Fix X509_ALGOR_set0() usage in rsa_alg_set_oaep_padding()tb2023-11-091-4/+6
| | | | | | | | | | | Replace X509_ALGOR_set0() with X509_ALGOR_set0_by_nid(). This way there is no missing error checking for OBJ_nid2obj() and no nested functions. Slightly more importantly, this plugs two long standing potential leaks in this function (or previously rsa_cms_encrypt()) due to missing error checking: in the unlikely event that X509_ALGOR_set0() failed, astr/ostr would leak. ok jsing
* Use X509_ALGOR_set0_by_nid() in rsa_mgf1md_to_maskGenAlgorithm()tb2023-11-091-5/+2
| | | | ok jsing
* More minor cleanup in rsa_alg_set_oaep_padding()tb2023-11-081-4/+3
| | | | | Test and assign one more instance replace a useless comment by an empty line.
* Prepare further fixes of X509_ALGOR_set0() misusetb2023-11-081-8/+7
| | | | | | | | In rsa_alg_set_oaep_padding() rename los to ostr for consistency with astr, make it have function scope, free ostr in the error path and assume X509_ALGOR_set0() success. ok jca
* zap a stray spacetb2023-11-081-2/+2
|
* Rename os into astr in rsa_alg_set_oaep_padding()tb2023-11-081-6/+6
|
* Rename pkctx to pkey_ctx in rsa_alg_set_oaep_padding() and rsa_cms_encrypt()tb2023-11-081-9/+9
|
* Some simple cosmetics in rsa_alg_set_oaep_padding()tb2023-11-081-4/+8
| | | | | | | Rename rv into ret and split it on its own line, move labellen a bit down add some empty lines. To match style elsewhere. Most of this was requested by jsing
* Split OAEP padding handling into a helper functiontb2023-11-081-53/+59
| | | | | | | | This matches what is done for PKCS#1 1.5 and PSS. This function needs a lot of work still, but it's easier to do that without having to tiptoe around a lot of other garbage. ok jsing
* Move CMS_RecipientInfo_ktri_get0_algs() down a few lines and fix itstb2023-11-071-3/+6
| | | | error check
* Move CMS_RecipientInfo_get0_pkey_ctx() to first use of pkctxtb2023-11-071-3/+3
|
* Inline rsa_ctx_to_pss_string()tb2023-11-071-16/+6
| | | | | | After previous refactoring, rsa_all_set_pss_padding() is the last remaining caller of the weirdly named and ugly rsa_all_set_pss_padding(). This can be handled in a few simple lines now that this mess has slightly cleaner code.
* Rename pkctx to pkey_ctx in rsa_{cms,item}_sign()tb2023-11-071-26/+26
|
* Trivial cleanup in rsa_cms_sign()tb2023-11-071-5/+5
| | | | | Check and assign the EVP_PKEY_CTX and move the extraction of the algorithm identifier from the signer info a few lines down.
* Rework RSA_PKCS1_PSS_PADDING handling in rsa_item_sign()tb2023-11-071-14/+4
| | | | | | | | | | The current convoluted mess can be handled with two calls to the new rsa_alg_set_pss_padding() helper. Not that this would be obvious at all. This fixes two more leaks in case of X509_ALGOR_set0() failure. ok jsing
* Add a helper to set RSASSA-PSS padding parameterstb2023-11-071-10/+29
| | | | | | | | | | | | This sets the AlgorithmIdentifier's algorithm to id-RSASSA-PSS with appropriate RSASSA-PSS parameters. This pulls a chunk of code out of rsa_cms_sign() and rewrites it with proper error checking, thereby fixing a long-standing leak. This helper can also be used in rsa_item_sign(), but that part is a bit special, and will therefore be commmitted separately. ok jsing
* Add a helper to set RSA PKCS #1 v1.5 padding OIDtb2023-11-071-12/+15
| | | | | | | | This removes a few duplicated and unchecked X509_ALGOR_set0() calls and factors them into a helper function that sets the AlgorithmIdentifier on the recipient info or signer info to rsaEncryption with null parameters. ok jsing
* Rework the MD setting in the RSA ASN.1 methodtb2023-10-261-45/+95
| | | | | | | | | | | This streamlines the code to use safer idioms, do proper error checking and be slightly less convoluted. Sprinkle a few references to RFC 8017 and explain better what we are doing and why. Clarify ownership and use more consistent style. This removes the last internal use of X509_ALGOR_set_md(). ok jsing
* RSA's _free and _size also lose their int_ prefixtb2023-08-121-7/+7
|
* Fix a leak in rsa_pub_encode()tb2023-08-101-12/+19
| | | | | | | | rsa_param_encode() allocates the PSS parameters in an ASN1_STRING which is leaked if any error occurs later in rsa_pub_encode(). Convert the rest of the code to follow our ordinary idioms more closely. ok jsing
* rsa_priv_encode: plug leak on PKCS8_pkey_set0() failuretb2023-08-101-15/+19
| | | | | | Change the code to use safer idioms and avoid nested function calls. ok jsing
* Mop up remaining uses of ASN1_bn_print()tb2023-07-071-41/+10
| | | | | | | This removes lots of silly buffers and will allow us to make this API go away. ok jsing
* Add missing rsa_security_bit() handler to the RSA-PSS ASN1_METHODtb2023-05-191-1/+2
| | | | | | Prompted by a report by Steffen Ullrich on libressl@openbsd.org ok jsing
* Pull in <openssl/rsa.h> directlytb2023-03-251-1/+2
| | | | | | This is needed for many reasons. It is currently pulled in via x509.h but only when OPENSSL_NO_DEPRECATED is undefined. Again this should be fixed in the public header as well.
* Make internal header file names consistenttb2022-11-261-4/+4
| | | | | | | | | | | | | | | | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Prepare to provide EVP_PKEY_security_bits()tb2022-06-271-1/+8
| | | | | | | This also provides a pkey_security_bits member to the PKEY ASN.1 methods and a corresponding setter EVP_PKEY_asn1_set_security_bits(). ok beck jsing
* Prepare to provide EVP_PKEY_check()tb2022-01-101-4/+14
| | | | | | | | | | | | | | | | | | This allows checking the validity of an EVP_PKEY. Only RSA and EC keys are supported. If a check function is set the EVP_PKEY_METHOD, it will be used, otherwise the check function on the EVP_PKEY_ASN1_METHOD is used. The default ASN.1 methods wrap RSA_check_key() and EC_KEY_check_key(), respectively. The corresponding setters are EVP_PKEY_{asn1,meth}_set_check(). It is unclear why the PKEY method has no const while the ASN.1 method has const. Requested by tobhe and used by PHP 8.1. Based on OpenSSL commit 2aee35d3 ok inoguchi jsing
* Fix rsa key output formatinoguchi2019-11-201-5/+12
| | | | | | This fixes openssl(1) rsa -text output format ok tb@
* Bring back some icky buffer allocation code so that pkey_rsa_print()jsing2019-11-021-9/+41
| | | | | | works again with the horrific API that is ASN1_bn_print(). Issue spotted by inoguchi@
* Add RSA CMS support.jsing2019-11-011-3/+252
| | | | | | From OpenSSL 1.1.1d. ok tb@
* Update RSA ASN.1 code to handle RSA-PSS.jsing2019-11-011-299/+380
| | | | | | From OpenSSL 1.1.1d. ok tb@
* Add support for RSA-PSS.jsing2019-10-311-1/+119
| | | | | | From OpenSSL 1.1.1d. ok inoguchi@
* Add consts to EVP_PKEY_asn1_set_private()tb2018-08-241-2/+2
| | | | | | | | | Requires adding a const to the priv_decode() member of EVP_PKEY_ASN1_METHOD and adjusting all *_priv_decode() functions. All this is already documented this way. tested in a bulk build by sthen ok jsing
* Send the function codes from the error functions to the bit bucket,beck2017-01-291-18/+14
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Expand ASN1_ITEM_rptr macros - no change in generated assembly.jsing2016-12-301-3/+3
|
* unifdef OPENSSL_NO_CMSjsing2016-10-191-15/+1
|
* Fix for OpenSSL CVE-2015-3194beck2015-12-031-2/+2
| | | | ok krw@
* Guenther has plans for OPENSSL_NO_CMS, so revert this for the moment.beck2015-02-111-1/+15
|
* get rid of OPENSSL_NO_CMS code we do not use.beck2015-02-111-15/+1
| | | | ok miod@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 16:52:31 +0000