]>
Commit | Line | Data |
---|---|---|
0f113f3e | 1 | /* |
2039c421 | 2 | * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. |
448be743 | 3 | * |
2039c421 RS |
4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
448be743 DSH |
8 | */ |
9 | ||
10 | #include <stdio.h> | |
b39fc560 | 11 | #include "internal/cryptlib.h" |
448be743 DSH |
12 | #include <openssl/asn1t.h> |
13 | #include <openssl/x509.h> | |
1e26a8ba | 14 | #include <openssl/bn.h> |
3c27208f | 15 | #include <openssl/cms.h> |
5fe736e5 | 16 | #include "internal/asn1_int.h" |
3aeb9348 | 17 | #include "internal/evp_int.h" |
9862e9aa | 18 | #include "rsa_locl.h" |
448be743 | 19 | |
e968561d | 20 | #ifndef OPENSSL_NO_CMS |
0574cadf DSH |
21 | static int rsa_cms_sign(CMS_SignerInfo *si); |
22 | static int rsa_cms_verify(CMS_SignerInfo *si); | |
23 | static int rsa_cms_decrypt(CMS_RecipientInfo *ri); | |
24 | static int rsa_cms_encrypt(CMS_RecipientInfo *ri); | |
e968561d | 25 | #endif |
0574cadf | 26 | |
42009ae8 DSH |
27 | /* Set any parameters associated with pkey */ |
28 | static int rsa_param_encode(const EVP_PKEY *pkey, | |
29 | ASN1_STRING **pstr, int *pstrtype) | |
30 | { | |
31 | const RSA *rsa = pkey->pkey.rsa; | |
32 | *pstr = NULL; | |
33 | /* If RSA it's just NULL type */ | |
34 | if (pkey->ameth->pkey_id == EVP_PKEY_RSA) { | |
35 | *pstrtype = V_ASN1_NULL; | |
36 | return 1; | |
37 | } | |
38 | /* If no PSS parameters we omit parameters entirely */ | |
39 | if (rsa->pss == NULL) { | |
40 | *pstrtype = V_ASN1_UNDEF; | |
41 | return 1; | |
42 | } | |
43 | /* Encode PSS parameters */ | |
44 | if (!ASN1_item_pack(rsa->pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), pstr)) { | |
45 | ASN1_STRING_free(*pstr); | |
46 | *pstr = NULL; | |
47 | return 0; | |
48 | } | |
49 | ||
50 | *pstrtype = V_ASN1_SEQUENCE; | |
51 | return 1; | |
52 | } | |
53 | /* Decode any parameters and set them in RSA structure */ | |
54 | static int rsa_param_decode(RSA *rsa, const X509_ALGOR *alg) | |
55 | { | |
56 | const ASN1_OBJECT *algoid; | |
57 | const void *algp; | |
58 | int algptype; | |
59 | ||
60 | X509_ALGOR_get0(&algoid, &algptype, &algp, alg); | |
61 | if (OBJ_obj2nid(algoid) == EVP_PKEY_RSA) | |
62 | return 1; | |
63 | if (algptype == V_ASN1_UNDEF) | |
64 | return 1; | |
65 | if (algptype != V_ASN1_SEQUENCE) | |
66 | return 0; | |
67 | rsa->pss = ASN1_item_unpack(algp, ASN1_ITEM_rptr(RSA_PSS_PARAMS)); | |
68 | if (rsa->pss == NULL) | |
69 | return 0; | |
70 | return 1; | |
71 | } | |
72 | ||
6f81892e | 73 | static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) |
0f113f3e MC |
74 | { |
75 | unsigned char *penc = NULL; | |
76 | int penclen; | |
42009ae8 DSH |
77 | ASN1_STRING *str; |
78 | int strtype; | |
79 | if (!rsa_param_encode(pkey, &str, &strtype)) | |
80 | return 0; | |
0f113f3e MC |
81 | penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc); |
82 | if (penclen <= 0) | |
83 | return 0; | |
42009ae8 DSH |
84 | if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id), |
85 | strtype, str, penc, penclen)) | |
0f113f3e MC |
86 | return 1; |
87 | ||
88 | OPENSSL_free(penc); | |
89 | return 0; | |
90 | } | |
448be743 DSH |
91 | |
92 | static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) | |
0f113f3e MC |
93 | { |
94 | const unsigned char *p; | |
95 | int pklen; | |
42009ae8 | 96 | X509_ALGOR *alg; |
0f113f3e | 97 | RSA *rsa = NULL; |
75ebbd9a | 98 | |
42009ae8 | 99 | if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &alg, pubkey)) |
0f113f3e | 100 | return 0; |
75ebbd9a | 101 | if ((rsa = d2i_RSAPublicKey(NULL, &p, pklen)) == NULL) { |
0f113f3e MC |
102 | RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB); |
103 | return 0; | |
104 | } | |
42009ae8 DSH |
105 | if (!rsa_param_decode(rsa, alg)) { |
106 | RSA_free(rsa); | |
107 | return 0; | |
108 | } | |
faa02fe2 | 109 | EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa); |
0f113f3e MC |
110 | return 1; |
111 | } | |
448be743 | 112 | |
6f81892e | 113 | static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) |
0f113f3e MC |
114 | { |
115 | if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0 | |
116 | || BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0) | |
117 | return 0; | |
118 | return 1; | |
119 | } | |
6f81892e | 120 | |
e4263314 | 121 | static int old_rsa_priv_decode(EVP_PKEY *pkey, |
0f113f3e MC |
122 | const unsigned char **pder, int derlen) |
123 | { | |
124 | RSA *rsa; | |
75ebbd9a RS |
125 | |
126 | if ((rsa = d2i_RSAPrivateKey(NULL, pder, derlen)) == NULL) { | |
0f113f3e MC |
127 | RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB); |
128 | return 0; | |
129 | } | |
faa02fe2 | 130 | EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa); |
0f113f3e MC |
131 | return 1; |
132 | } | |
448be743 | 133 | |
e4263314 | 134 | static int old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) |
0f113f3e MC |
135 | { |
136 | return i2d_RSAPrivateKey(pkey->pkey.rsa, pder); | |
137 | } | |
e4263314 | 138 | |
6f81892e | 139 | static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) |
0f113f3e MC |
140 | { |
141 | unsigned char *rk = NULL; | |
142 | int rklen; | |
42009ae8 DSH |
143 | ASN1_STRING *str; |
144 | int strtype; | |
145 | if (!rsa_param_encode(pkey, &str, &strtype)) | |
146 | return 0; | |
0f113f3e MC |
147 | rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk); |
148 | ||
149 | if (rklen <= 0) { | |
150 | RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); | |
151 | return 0; | |
152 | } | |
153 | ||
faa02fe2 | 154 | if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0, |
42009ae8 | 155 | strtype, str, rk, rklen)) { |
0f113f3e MC |
156 | RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); |
157 | return 0; | |
158 | } | |
159 | ||
160 | return 1; | |
161 | } | |
448be743 | 162 | |
245c6bc3 | 163 | static int rsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) |
0f113f3e MC |
164 | { |
165 | const unsigned char *p; | |
42009ae8 | 166 | RSA *rsa; |
0f113f3e | 167 | int pklen; |
42009ae8 DSH |
168 | const X509_ALGOR *alg; |
169 | ||
170 | if (!PKCS8_pkey_get0(NULL, &p, &pklen, &alg, p8)) | |
171 | return 0; | |
172 | rsa = d2i_RSAPrivateKey(NULL, &p, pklen); | |
173 | if (rsa == NULL) { | |
174 | RSAerr(RSA_F_RSA_PRIV_DECODE, ERR_R_RSA_LIB); | |
175 | return 0; | |
176 | } | |
177 | if (!rsa_param_decode(rsa, alg)) { | |
178 | RSA_free(rsa); | |
0f113f3e | 179 | return 0; |
42009ae8 DSH |
180 | } |
181 | EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa); | |
182 | return 1; | |
0f113f3e | 183 | } |
e4263314 | 184 | |
6f81892e | 185 | static int int_rsa_size(const EVP_PKEY *pkey) |
0f113f3e MC |
186 | { |
187 | return RSA_size(pkey->pkey.rsa); | |
188 | } | |
6f81892e DSH |
189 | |
190 | static int rsa_bits(const EVP_PKEY *pkey) | |
0f113f3e MC |
191 | { |
192 | return BN_num_bits(pkey->pkey.rsa->n); | |
193 | } | |
6f81892e | 194 | |
2514fa79 | 195 | static int rsa_security_bits(const EVP_PKEY *pkey) |
0f113f3e MC |
196 | { |
197 | return RSA_security_bits(pkey->pkey.rsa); | |
198 | } | |
2514fa79 | 199 | |
6f81892e | 200 | static void int_rsa_free(EVP_PKEY *pkey) |
0f113f3e MC |
201 | { |
202 | RSA_free(pkey->pkey.rsa); | |
203 | } | |
35208f36 | 204 | |
9503ed8b DSH |
205 | static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg) |
206 | { | |
207 | if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) | |
208 | return NULL; | |
209 | return ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR), | |
210 | alg->parameter); | |
211 | } | |
212 | ||
213 | static int rsa_pss_param_print(BIO *bp, int pss_key, RSA_PSS_PARAMS *pss, | |
214 | int indent) | |
215 | { | |
216 | int rv = 0; | |
217 | X509_ALGOR *maskHash = NULL; | |
218 | if (!BIO_indent(bp, indent, 128)) | |
219 | goto err; | |
220 | if (pss_key) { | |
221 | if (pss == NULL) { | |
222 | if (BIO_puts(bp, "No PSS parameter restrictions\n") <= 0) | |
223 | return 0; | |
224 | return 1; | |
225 | } else { | |
226 | if (BIO_puts(bp, "PSS parameter restrictions:") <= 0) | |
227 | return 0; | |
228 | } | |
229 | } else if (pss == NULL) { | |
230 | if (BIO_puts(bp,"(INVALID PSS PARAMETERS)\n") <= 0) | |
231 | return 0; | |
232 | return 1; | |
233 | } | |
234 | if (BIO_puts(bp, "\n") <= 0) | |
235 | goto err; | |
236 | if (pss_key) | |
237 | indent += 2; | |
238 | if (!BIO_indent(bp, indent, 128)) | |
239 | goto err; | |
240 | if (BIO_puts(bp, "Hash Algorithm: ") <= 0) | |
241 | goto err; | |
242 | ||
243 | if (pss->hashAlgorithm) { | |
244 | if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0) | |
245 | goto err; | |
246 | } else if (BIO_puts(bp, "sha1 (default)") <= 0) | |
247 | goto err; | |
248 | ||
249 | if (BIO_puts(bp, "\n") <= 0) | |
250 | goto err; | |
251 | ||
252 | if (!BIO_indent(bp, indent, 128)) | |
253 | goto err; | |
254 | ||
255 | if (BIO_puts(bp, "Mask Algorithm: ") <= 0) | |
256 | goto err; | |
257 | if (pss->maskGenAlgorithm) { | |
258 | if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0) | |
259 | goto err; | |
260 | if (BIO_puts(bp, " with ") <= 0) | |
261 | goto err; | |
262 | maskHash = rsa_mgf1_decode(pss->maskGenAlgorithm); | |
263 | if (maskHash != NULL) { | |
264 | if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0) | |
265 | goto err; | |
266 | } else if (BIO_puts(bp, "INVALID") <= 0) | |
267 | goto err; | |
268 | } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0) | |
269 | goto err; | |
270 | BIO_puts(bp, "\n"); | |
271 | ||
272 | if (!BIO_indent(bp, indent, 128)) | |
273 | goto err; | |
274 | if (BIO_printf(bp, "%s Salt Length: 0x", pss_key ? "Minimum" : "") <= 0) | |
275 | goto err; | |
276 | if (pss->saltLength) { | |
277 | if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0) | |
278 | goto err; | |
279 | } else if (BIO_puts(bp, "14 (default)") <= 0) | |
280 | goto err; | |
281 | BIO_puts(bp, "\n"); | |
282 | ||
283 | if (!BIO_indent(bp, indent, 128)) | |
284 | goto err; | |
285 | if (BIO_puts(bp, "Trailer Field: 0x") <= 0) | |
286 | goto err; | |
287 | if (pss->trailerField) { | |
288 | if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0) | |
289 | goto err; | |
290 | } else if (BIO_puts(bp, "BC (default)") <= 0) | |
291 | goto err; | |
292 | BIO_puts(bp, "\n"); | |
293 | ||
294 | rv = 1; | |
295 | ||
296 | err: | |
297 | X509_ALGOR_free(maskHash); | |
298 | return rv; | |
299 | ||
300 | } | |
301 | ||
302 | static int pkey_rsa_print(BIO *bp, const EVP_PKEY *pkey, int off, int priv) | |
0f113f3e | 303 | { |
9503ed8b | 304 | const RSA *x = pkey->pkey.rsa; |
0f113f3e MC |
305 | char *str; |
306 | const char *s; | |
0f113f3e | 307 | int ret = 0, mod_len = 0; |
0f113f3e MC |
308 | |
309 | if (x->n != NULL) | |
310 | mod_len = BN_num_bits(x->n); | |
311 | ||
312 | if (!BIO_indent(bp, off, 128)) | |
313 | goto err; | |
314 | ||
87ee7b22 | 315 | if (BIO_printf(bp, "%s ", pkey_is_pss(pkey) ? "RSA-PSS" : "RSA") <= 0) |
9503ed8b DSH |
316 | goto err; |
317 | ||
0f113f3e | 318 | if (priv && x->d) { |
a773b52a | 319 | if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0) |
0f113f3e MC |
320 | goto err; |
321 | str = "modulus:"; | |
322 | s = "publicExponent:"; | |
323 | } else { | |
a773b52a | 324 | if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0) |
0f113f3e MC |
325 | goto err; |
326 | str = "Modulus:"; | |
327 | s = "Exponent:"; | |
328 | } | |
a773b52a | 329 | if (!ASN1_bn_print(bp, str, x->n, NULL, off)) |
0f113f3e | 330 | goto err; |
a773b52a | 331 | if (!ASN1_bn_print(bp, s, x->e, NULL, off)) |
0f113f3e MC |
332 | goto err; |
333 | if (priv) { | |
a773b52a | 334 | if (!ASN1_bn_print(bp, "privateExponent:", x->d, NULL, off)) |
0f113f3e | 335 | goto err; |
a773b52a | 336 | if (!ASN1_bn_print(bp, "prime1:", x->p, NULL, off)) |
0f113f3e | 337 | goto err; |
a773b52a | 338 | if (!ASN1_bn_print(bp, "prime2:", x->q, NULL, off)) |
0f113f3e | 339 | goto err; |
a773b52a | 340 | if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, NULL, off)) |
0f113f3e | 341 | goto err; |
a773b52a | 342 | if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, NULL, off)) |
0f113f3e | 343 | goto err; |
a773b52a | 344 | if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, NULL, off)) |
0f113f3e MC |
345 | goto err; |
346 | } | |
87ee7b22 | 347 | if (pkey_is_pss(pkey) && !rsa_pss_param_print(bp, 1, x->pss, off)) |
9503ed8b | 348 | goto err; |
0f113f3e MC |
349 | ret = 1; |
350 | err: | |
9503ed8b | 351 | return ret; |
0f113f3e | 352 | } |
35208f36 DSH |
353 | |
354 | static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, | |
0f113f3e MC |
355 | ASN1_PCTX *ctx) |
356 | { | |
9503ed8b | 357 | return pkey_rsa_print(bp, pkey, indent, 0); |
0f113f3e | 358 | } |
35208f36 DSH |
359 | |
360 | static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, | |
0f113f3e MC |
361 | ASN1_PCTX *ctx) |
362 | { | |
9503ed8b | 363 | return pkey_rsa_print(bp, pkey, indent, 1); |
0f113f3e | 364 | } |
0574cadf | 365 | |
6745a1ff | 366 | static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg) |
0f113f3e | 367 | { |
0f113f3e MC |
368 | RSA_PSS_PARAMS *pss; |
369 | ||
e93c8748 DSH |
370 | pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS), |
371 | alg->parameter); | |
0f113f3e | 372 | |
6745a1ff | 373 | if (pss == NULL) |
0f113f3e MC |
374 | return NULL; |
375 | ||
6745a1ff DSH |
376 | if (pss->maskGenAlgorithm != NULL) { |
377 | pss->maskHash = rsa_mgf1_decode(pss->maskGenAlgorithm); | |
378 | if (pss->maskHash == NULL) { | |
379 | RSA_PSS_PARAMS_free(pss); | |
380 | return NULL; | |
381 | } | |
382 | } | |
0f113f3e MC |
383 | |
384 | return pss; | |
385 | } | |
386 | ||
ff04bbe3 | 387 | static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, |
0f113f3e MC |
388 | const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx) |
389 | { | |
ffc6fad5 | 390 | if (OBJ_obj2nid(sigalg->algorithm) == EVP_PKEY_RSA_PSS) { |
0f113f3e MC |
391 | int rv; |
392 | RSA_PSS_PARAMS *pss; | |
6745a1ff | 393 | pss = rsa_pss_decode(sigalg); |
9503ed8b | 394 | rv = rsa_pss_param_print(bp, 0, pss, indent); |
25aaa98a | 395 | RSA_PSS_PARAMS_free(pss); |
0f113f3e MC |
396 | if (!rv) |
397 | return 0; | |
398 | } else if (!sig && BIO_puts(bp, "\n") <= 0) | |
399 | return 0; | |
400 | if (sig) | |
401 | return X509_signature_dump(bp, sig, indent); | |
402 | return 1; | |
403 | } | |
492a9e24 DSH |
404 | |
405 | static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) | |
0f113f3e MC |
406 | { |
407 | X509_ALGOR *alg = NULL; | |
408 | switch (op) { | |
409 | ||
410 | case ASN1_PKEY_CTRL_PKCS7_SIGN: | |
411 | if (arg1 == 0) | |
412 | PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg); | |
413 | break; | |
414 | ||
415 | case ASN1_PKEY_CTRL_PKCS7_ENCRYPT: | |
53d2260c DSH |
416 | if (pkey_is_pss(pkey)) |
417 | return -2; | |
0f113f3e MC |
418 | if (arg1 == 0) |
419 | PKCS7_RECIP_INFO_get0_alg(arg2, &alg); | |
420 | break; | |
8931b30d | 421 | #ifndef OPENSSL_NO_CMS |
0f113f3e MC |
422 | case ASN1_PKEY_CTRL_CMS_SIGN: |
423 | if (arg1 == 0) | |
424 | return rsa_cms_sign(arg2); | |
425 | else if (arg1 == 1) | |
426 | return rsa_cms_verify(arg2); | |
427 | break; | |
428 | ||
429 | case ASN1_PKEY_CTRL_CMS_ENVELOPE: | |
53d2260c DSH |
430 | if (pkey_is_pss(pkey)) |
431 | return -2; | |
0f113f3e MC |
432 | if (arg1 == 0) |
433 | return rsa_cms_encrypt(arg2); | |
434 | else if (arg1 == 1) | |
435 | return rsa_cms_decrypt(arg2); | |
436 | break; | |
437 | ||
438 | case ASN1_PKEY_CTRL_CMS_RI_TYPE: | |
53d2260c DSH |
439 | if (pkey_is_pss(pkey)) |
440 | return -2; | |
0f113f3e MC |
441 | *(int *)arg2 = CMS_RECIPINFO_TRANS; |
442 | return 1; | |
8931b30d | 443 | #endif |
a78568b7 | 444 | |
0f113f3e MC |
445 | case ASN1_PKEY_CTRL_DEFAULT_MD_NID: |
446 | *(int *)arg2 = NID_sha256; | |
447 | return 1; | |
03919683 | 448 | |
0f113f3e MC |
449 | default: |
450 | return -2; | |
492a9e24 | 451 | |
0f113f3e | 452 | } |
492a9e24 | 453 | |
0f113f3e MC |
454 | if (alg) |
455 | X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0); | |
4f1aa191 | 456 | |
0f113f3e | 457 | return 1; |
4f1aa191 | 458 | |
0f113f3e | 459 | } |
492a9e24 | 460 | |
0574cadf DSH |
461 | /* allocate and set algorithm ID from EVP_MD, default SHA1 */ |
462 | static int rsa_md_to_algor(X509_ALGOR **palg, const EVP_MD *md) | |
0f113f3e | 463 | { |
47e42b3c | 464 | if (md == NULL || EVP_MD_type(md) == NID_sha1) |
0f113f3e MC |
465 | return 1; |
466 | *palg = X509_ALGOR_new(); | |
90945fa3 | 467 | if (*palg == NULL) |
0f113f3e MC |
468 | return 0; |
469 | X509_ALGOR_set_md(*palg, md); | |
470 | return 1; | |
471 | } | |
0574cadf DSH |
472 | |
473 | /* Allocate and set MGF1 algorithm ID from EVP_MD */ | |
474 | static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md) | |
0f113f3e MC |
475 | { |
476 | X509_ALGOR *algtmp = NULL; | |
477 | ASN1_STRING *stmp = NULL; | |
478 | *palg = NULL; | |
47e42b3c | 479 | if (mgf1md == NULL || EVP_MD_type(mgf1md) == NID_sha1) |
0f113f3e MC |
480 | return 1; |
481 | /* need to embed algorithm ID inside another */ | |
482 | if (!rsa_md_to_algor(&algtmp, mgf1md)) | |
483 | goto err; | |
484 | if (!ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp)) | |
485 | goto err; | |
486 | *palg = X509_ALGOR_new(); | |
90945fa3 | 487 | if (*palg == NULL) |
0f113f3e MC |
488 | goto err; |
489 | X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp); | |
490 | stmp = NULL; | |
491 | err: | |
0dfb9398 | 492 | ASN1_STRING_free(stmp); |
222561fe | 493 | X509_ALGOR_free(algtmp); |
0f113f3e MC |
494 | if (*palg) |
495 | return 1; | |
496 | return 0; | |
497 | } | |
0574cadf DSH |
498 | |
499 | /* convert algorithm ID to EVP_MD, default SHA1 */ | |
500 | static const EVP_MD *rsa_algor_to_md(X509_ALGOR *alg) | |
0f113f3e MC |
501 | { |
502 | const EVP_MD *md; | |
503 | if (!alg) | |
504 | return EVP_sha1(); | |
505 | md = EVP_get_digestbyobj(alg->algorithm); | |
506 | if (md == NULL) | |
507 | RSAerr(RSA_F_RSA_ALGOR_TO_MD, RSA_R_UNKNOWN_DIGEST); | |
508 | return md; | |
509 | } | |
510 | ||
0f113f3e | 511 | /* |
47e42b3c | 512 | * Convert EVP_PKEY_CTX in PSS mode into corresponding algorithm parameter, |
0574cadf | 513 | * suitable for setting an AlgorithmIdentifier. |
31904ecd DSH |
514 | */ |
515 | ||
47e42b3c | 516 | static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) |
0f113f3e MC |
517 | { |
518 | const EVP_MD *sigmd, *mgf1md; | |
0f113f3e | 519 | EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx); |
47e42b3c | 520 | int saltlen; |
0f113f3e | 521 | if (EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) <= 0) |
47e42b3c | 522 | return NULL; |
0f113f3e | 523 | if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0) |
47e42b3c | 524 | return NULL; |
0f113f3e | 525 | if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen)) |
47e42b3c | 526 | return NULL; |
0f113f3e MC |
527 | if (saltlen == -1) |
528 | saltlen = EVP_MD_size(sigmd); | |
529 | else if (saltlen == -2) { | |
530 | saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2; | |
531 | if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0) | |
532 | saltlen--; | |
533 | } | |
47e42b3c DSH |
534 | |
535 | return rsa_pss_params_create(sigmd, mgf1md, saltlen); | |
536 | } | |
537 | ||
538 | RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd, | |
539 | const EVP_MD *mgf1md, int saltlen) | |
540 | { | |
541 | RSA_PSS_PARAMS *pss = RSA_PSS_PARAMS_new(); | |
90945fa3 | 542 | if (pss == NULL) |
0f113f3e MC |
543 | goto err; |
544 | if (saltlen != 20) { | |
545 | pss->saltLength = ASN1_INTEGER_new(); | |
90945fa3 | 546 | if (pss->saltLength == NULL) |
0f113f3e MC |
547 | goto err; |
548 | if (!ASN1_INTEGER_set(pss->saltLength, saltlen)) | |
549 | goto err; | |
550 | } | |
551 | if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd)) | |
552 | goto err; | |
47e42b3c DSH |
553 | if (mgf1md == NULL) |
554 | mgf1md = sigmd; | |
0f113f3e MC |
555 | if (!rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md)) |
556 | goto err; | |
47e42b3c | 557 | return pss; |
0f113f3e | 558 | err: |
25aaa98a | 559 | RSA_PSS_PARAMS_free(pss); |
0f113f3e MC |
560 | return NULL; |
561 | } | |
562 | ||
47e42b3c DSH |
563 | static ASN1_STRING *rsa_ctx_to_pss_string(EVP_PKEY_CTX *pkctx) |
564 | { | |
565 | RSA_PSS_PARAMS *pss = rsa_ctx_to_pss(pkctx); | |
566 | ASN1_STRING *os = NULL; | |
567 | if (pss == NULL) | |
568 | return NULL; | |
569 | ||
570 | if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os)) { | |
571 | ASN1_STRING_free(os); | |
572 | os = NULL; | |
573 | } | |
574 | RSA_PSS_PARAMS_free(pss); | |
575 | return os; | |
576 | } | |
577 | ||
0f113f3e MC |
578 | /* |
579 | * From PSS AlgorithmIdentifier set public key parameters. If pkey isn't NULL | |
0d4fb843 | 580 | * then the EVP_MD_CTX is setup and initialised. If it is NULL parameters are |
0f113f3e | 581 | * passed to pkctx instead. |
0574cadf | 582 | */ |
31904ecd | 583 | |
0574cadf | 584 | static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, |
0f113f3e MC |
585 | X509_ALGOR *sigalg, EVP_PKEY *pkey) |
586 | { | |
587 | int rv = -1; | |
588 | int saltlen; | |
589 | const EVP_MD *mgf1md = NULL, *md = NULL; | |
590 | RSA_PSS_PARAMS *pss; | |
0f113f3e | 591 | /* Sanity check: make sure it is PSS */ |
ffc6fad5 | 592 | if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) { |
0f113f3e MC |
593 | RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_UNSUPPORTED_SIGNATURE_TYPE); |
594 | return -1; | |
595 | } | |
596 | /* Decode PSS parameters */ | |
6745a1ff | 597 | pss = rsa_pss_decode(sigalg); |
0f113f3e | 598 | |
cfd81c6d | 599 | if (!rsa_pss_get_param(pss, &md, &mgf1md, &saltlen)) { |
0f113f3e MC |
600 | RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_PSS_PARAMETERS); |
601 | goto err; | |
602 | } | |
0f113f3e MC |
603 | |
604 | /* We have all parameters now set up context */ | |
0f113f3e MC |
605 | if (pkey) { |
606 | if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey)) | |
607 | goto err; | |
608 | } else { | |
609 | const EVP_MD *checkmd; | |
610 | if (EVP_PKEY_CTX_get_signature_md(pkctx, &checkmd) <= 0) | |
611 | goto err; | |
612 | if (EVP_MD_type(md) != EVP_MD_type(checkmd)) { | |
613 | RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_DIGEST_DOES_NOT_MATCH); | |
614 | goto err; | |
615 | } | |
616 | } | |
617 | ||
618 | if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0) | |
619 | goto err; | |
620 | ||
621 | if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0) | |
622 | goto err; | |
623 | ||
624 | if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) | |
625 | goto err; | |
626 | /* Carry on */ | |
627 | rv = 1; | |
628 | ||
629 | err: | |
630 | RSA_PSS_PARAMS_free(pss); | |
0f113f3e MC |
631 | return rv; |
632 | } | |
492a9e24 | 633 | |
cfd81c6d DSH |
634 | int rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd, |
635 | const EVP_MD **pmgf1md, int *psaltlen) | |
636 | { | |
637 | if (pss == NULL) | |
638 | return 0; | |
639 | *pmd = rsa_algor_to_md(pss->hashAlgorithm); | |
640 | if (*pmd == NULL) | |
641 | return 0; | |
642 | *pmgf1md = rsa_algor_to_md(pss->maskHash); | |
643 | if (*pmgf1md == NULL) | |
644 | return 0; | |
645 | if (pss->saltLength) { | |
646 | *psaltlen = ASN1_INTEGER_get(pss->saltLength); | |
647 | if (*psaltlen < 0) { | |
648 | RSAerr(RSA_F_RSA_PSS_GET_PARAM, RSA_R_INVALID_SALT_LENGTH); | |
649 | return 0; | |
650 | } | |
651 | } else | |
652 | *psaltlen = 20; | |
653 | ||
654 | /* | |
655 | * low-level routines support only trailer field 0xbc (value 1) and | |
656 | * PKCS#1 says we should reject any other value anyway. | |
657 | */ | |
658 | if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) { | |
659 | RSAerr(RSA_F_RSA_PSS_GET_PARAM, RSA_R_INVALID_TRAILER); | |
660 | return 0; | |
661 | } | |
662 | ||
663 | return 1; | |
664 | } | |
665 | ||
e968561d | 666 | #ifndef OPENSSL_NO_CMS |
0574cadf | 667 | static int rsa_cms_verify(CMS_SignerInfo *si) |
0f113f3e MC |
668 | { |
669 | int nid, nid2; | |
670 | X509_ALGOR *alg; | |
671 | EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si); | |
672 | CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); | |
673 | nid = OBJ_obj2nid(alg->algorithm); | |
674 | if (nid == NID_rsaEncryption) | |
675 | return 1; | |
ffc6fad5 | 676 | if (nid == EVP_PKEY_RSA_PSS) |
0f113f3e MC |
677 | return rsa_pss_to_ctx(NULL, pkctx, alg, NULL); |
678 | /* Workaround for some implementation that use a signature OID */ | |
679 | if (OBJ_find_sigid_algs(nid, NULL, &nid2)) { | |
680 | if (nid2 == NID_rsaEncryption) | |
681 | return 1; | |
682 | } | |
683 | return 0; | |
684 | } | |
e968561d | 685 | #endif |
0f113f3e MC |
686 | |
687 | /* | |
688 | * Customised RSA item verification routine. This is called when a signature | |
689 | * is encountered requiring special handling. We currently only handle PSS. | |
0574cadf DSH |
690 | */ |
691 | ||
0574cadf | 692 | static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, |
0f113f3e MC |
693 | X509_ALGOR *sigalg, ASN1_BIT_STRING *sig, |
694 | EVP_PKEY *pkey) | |
695 | { | |
696 | /* Sanity check: make sure it is PSS */ | |
ffc6fad5 | 697 | if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) { |
0f113f3e MC |
698 | RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE); |
699 | return -1; | |
700 | } | |
09f06923 | 701 | if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) { |
0f113f3e MC |
702 | /* Carry on */ |
703 | return 2; | |
09f06923 | 704 | } |
0f113f3e MC |
705 | return -1; |
706 | } | |
0574cadf | 707 | |
e968561d | 708 | #ifndef OPENSSL_NO_CMS |
0574cadf | 709 | static int rsa_cms_sign(CMS_SignerInfo *si) |
0f113f3e MC |
710 | { |
711 | int pad_mode = RSA_PKCS1_PADDING; | |
712 | X509_ALGOR *alg; | |
713 | EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si); | |
714 | ASN1_STRING *os = NULL; | |
715 | CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); | |
716 | if (pkctx) { | |
717 | if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) | |
718 | return 0; | |
719 | } | |
720 | if (pad_mode == RSA_PKCS1_PADDING) { | |
721 | X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0); | |
722 | return 1; | |
723 | } | |
724 | /* We don't support it */ | |
725 | if (pad_mode != RSA_PKCS1_PSS_PADDING) | |
726 | return 0; | |
47e42b3c | 727 | os = rsa_ctx_to_pss_string(pkctx); |
0f113f3e MC |
728 | if (!os) |
729 | return 0; | |
ffc6fad5 | 730 | X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os); |
0f113f3e MC |
731 | return 1; |
732 | } | |
e968561d | 733 | #endif |
0574cadf | 734 | |
17c63d1c | 735 | static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, |
0f113f3e MC |
736 | X509_ALGOR *alg1, X509_ALGOR *alg2, |
737 | ASN1_BIT_STRING *sig) | |
738 | { | |
739 | int pad_mode; | |
6e59a892 | 740 | EVP_PKEY_CTX *pkctx = EVP_MD_CTX_pkey_ctx(ctx); |
0f113f3e MC |
741 | if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) |
742 | return 0; | |
743 | if (pad_mode == RSA_PKCS1_PADDING) | |
744 | return 2; | |
745 | if (pad_mode == RSA_PKCS1_PSS_PADDING) { | |
746 | ASN1_STRING *os1 = NULL; | |
47e42b3c | 747 | os1 = rsa_ctx_to_pss_string(pkctx); |
0f113f3e MC |
748 | if (!os1) |
749 | return 0; | |
750 | /* Duplicate parameters if we have to */ | |
751 | if (alg2) { | |
752 | ASN1_STRING *os2 = ASN1_STRING_dup(os1); | |
753 | if (!os2) { | |
754 | ASN1_STRING_free(os1); | |
755 | return 0; | |
756 | } | |
ffc6fad5 | 757 | X509_ALGOR_set0(alg2, OBJ_nid2obj(EVP_PKEY_RSA_PSS), |
0f113f3e MC |
758 | V_ASN1_SEQUENCE, os2); |
759 | } | |
ffc6fad5 | 760 | X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_RSA_PSS), |
0f113f3e MC |
761 | V_ASN1_SEQUENCE, os1); |
762 | return 3; | |
763 | } | |
764 | return 2; | |
765 | } | |
17c63d1c | 766 | |
e968561d | 767 | #ifndef OPENSSL_NO_CMS |
6745a1ff | 768 | static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg) |
0f113f3e | 769 | { |
6745a1ff | 770 | RSA_OAEP_PARAMS *oaep; |
0574cadf | 771 | |
6745a1ff | 772 | oaep = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS), |
e93c8748 | 773 | alg->parameter); |
0574cadf | 774 | |
6745a1ff | 775 | if (oaep == NULL) |
0f113f3e | 776 | return NULL; |
0574cadf | 777 | |
6745a1ff DSH |
778 | if (oaep->maskGenFunc != NULL) { |
779 | oaep->maskHash = rsa_mgf1_decode(oaep->maskGenFunc); | |
780 | if (oaep->maskHash == NULL) { | |
781 | RSA_OAEP_PARAMS_free(oaep); | |
782 | return NULL; | |
783 | } | |
784 | } | |
785 | return oaep; | |
0f113f3e | 786 | } |
0574cadf DSH |
787 | |
788 | static int rsa_cms_decrypt(CMS_RecipientInfo *ri) | |
0f113f3e MC |
789 | { |
790 | EVP_PKEY_CTX *pkctx; | |
791 | X509_ALGOR *cmsalg; | |
792 | int nid; | |
793 | int rv = -1; | |
794 | unsigned char *label = NULL; | |
795 | int labellen = 0; | |
796 | const EVP_MD *mgf1md = NULL, *md = NULL; | |
797 | RSA_OAEP_PARAMS *oaep; | |
0f113f3e MC |
798 | pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri); |
799 | if (!pkctx) | |
800 | return 0; | |
801 | if (!CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &cmsalg)) | |
802 | return -1; | |
803 | nid = OBJ_obj2nid(cmsalg->algorithm); | |
804 | if (nid == NID_rsaEncryption) | |
805 | return 1; | |
806 | if (nid != NID_rsaesOaep) { | |
807 | RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_UNSUPPORTED_ENCRYPTION_TYPE); | |
808 | return -1; | |
809 | } | |
810 | /* Decode OAEP parameters */ | |
6745a1ff | 811 | oaep = rsa_oaep_decode(cmsalg); |
0f113f3e MC |
812 | |
813 | if (oaep == NULL) { | |
814 | RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_INVALID_OAEP_PARAMETERS); | |
815 | goto err; | |
816 | } | |
817 | ||
6745a1ff | 818 | mgf1md = rsa_algor_to_md(oaep->maskHash); |
0f113f3e MC |
819 | if (!mgf1md) |
820 | goto err; | |
821 | md = rsa_algor_to_md(oaep->hashFunc); | |
822 | if (!md) | |
823 | goto err; | |
824 | ||
825 | if (oaep->pSourceFunc) { | |
826 | X509_ALGOR *plab = oaep->pSourceFunc; | |
827 | if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) { | |
828 | RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_UNSUPPORTED_LABEL_SOURCE); | |
829 | goto err; | |
830 | } | |
831 | if (plab->parameter->type != V_ASN1_OCTET_STRING) { | |
832 | RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_INVALID_LABEL); | |
833 | goto err; | |
834 | } | |
835 | ||
836 | label = plab->parameter->value.octet_string->data; | |
837 | /* Stop label being freed when OAEP parameters are freed */ | |
838 | plab->parameter->value.octet_string->data = NULL; | |
839 | labellen = plab->parameter->value.octet_string->length; | |
840 | } | |
841 | ||
842 | if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0) | |
843 | goto err; | |
844 | if (EVP_PKEY_CTX_set_rsa_oaep_md(pkctx, md) <= 0) | |
845 | goto err; | |
846 | if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) | |
847 | goto err; | |
848 | if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) | |
849 | goto err; | |
850 | /* Carry on */ | |
851 | rv = 1; | |
852 | ||
853 | err: | |
854 | RSA_OAEP_PARAMS_free(oaep); | |
0f113f3e MC |
855 | return rv; |
856 | } | |
0574cadf DSH |
857 | |
858 | static int rsa_cms_encrypt(CMS_RecipientInfo *ri) | |
0f113f3e MC |
859 | { |
860 | const EVP_MD *md, *mgf1md; | |
861 | RSA_OAEP_PARAMS *oaep = NULL; | |
862 | ASN1_STRING *os = NULL; | |
863 | X509_ALGOR *alg; | |
864 | EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri); | |
865 | int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen; | |
866 | unsigned char *label; | |
867 | CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg); | |
868 | if (pkctx) { | |
869 | if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) | |
870 | return 0; | |
871 | } | |
872 | if (pad_mode == RSA_PKCS1_PADDING) { | |
873 | X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0); | |
874 | return 1; | |
875 | } | |
876 | /* Not supported */ | |
877 | if (pad_mode != RSA_PKCS1_OAEP_PADDING) | |
878 | return 0; | |
879 | if (EVP_PKEY_CTX_get_rsa_oaep_md(pkctx, &md) <= 0) | |
880 | goto err; | |
881 | if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0) | |
882 | goto err; | |
883 | labellen = EVP_PKEY_CTX_get0_rsa_oaep_label(pkctx, &label); | |
884 | if (labellen < 0) | |
885 | goto err; | |
886 | oaep = RSA_OAEP_PARAMS_new(); | |
90945fa3 | 887 | if (oaep == NULL) |
0f113f3e MC |
888 | goto err; |
889 | if (!rsa_md_to_algor(&oaep->hashFunc, md)) | |
890 | goto err; | |
891 | if (!rsa_md_to_mgf1(&oaep->maskGenFunc, mgf1md)) | |
892 | goto err; | |
893 | if (labellen > 0) { | |
5e8129f2 | 894 | ASN1_OCTET_STRING *los; |
0f113f3e | 895 | oaep->pSourceFunc = X509_ALGOR_new(); |
90945fa3 | 896 | if (oaep->pSourceFunc == NULL) |
0f113f3e | 897 | goto err; |
5e8129f2 | 898 | los = ASN1_OCTET_STRING_new(); |
90945fa3 | 899 | if (los == NULL) |
0f113f3e MC |
900 | goto err; |
901 | if (!ASN1_OCTET_STRING_set(los, label, labellen)) { | |
902 | ASN1_OCTET_STRING_free(los); | |
903 | goto err; | |
904 | } | |
905 | X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified), | |
906 | V_ASN1_OCTET_STRING, los); | |
907 | } | |
908 | /* create string with pss parameter encoding. */ | |
909 | if (!ASN1_item_pack(oaep, ASN1_ITEM_rptr(RSA_OAEP_PARAMS), &os)) | |
910 | goto err; | |
911 | X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os); | |
912 | os = NULL; | |
913 | rv = 1; | |
914 | err: | |
25aaa98a | 915 | RSA_OAEP_PARAMS_free(oaep); |
0dfb9398 | 916 | ASN1_STRING_free(os); |
0f113f3e MC |
917 | return rv; |
918 | } | |
e968561d | 919 | #endif |
0f113f3e | 920 | |
578b5514 | 921 | const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = { |
0f113f3e MC |
922 | { |
923 | EVP_PKEY_RSA, | |
924 | EVP_PKEY_RSA, | |
925 | ASN1_PKEY_SIGPARAM_NULL, | |
926 | ||
927 | "RSA", | |
928 | "OpenSSL RSA method", | |
929 | ||
930 | rsa_pub_decode, | |
931 | rsa_pub_encode, | |
932 | rsa_pub_cmp, | |
933 | rsa_pub_print, | |
934 | ||
935 | rsa_priv_decode, | |
936 | rsa_priv_encode, | |
937 | rsa_priv_print, | |
938 | ||
939 | int_rsa_size, | |
940 | rsa_bits, | |
941 | rsa_security_bits, | |
942 | ||
943 | 0, 0, 0, 0, 0, 0, | |
944 | ||
945 | rsa_sig_print, | |
946 | int_rsa_free, | |
947 | rsa_pkey_ctrl, | |
948 | old_rsa_priv_decode, | |
949 | old_rsa_priv_encode, | |
950 | rsa_item_verify, | |
951 | rsa_item_sign}, | |
952 | ||
953 | { | |
954 | EVP_PKEY_RSA2, | |
955 | EVP_PKEY_RSA, | |
956 | ASN1_PKEY_ALIAS} | |
957 | }; | |
4e8ba747 DSH |
958 | |
959 | const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = { | |
960 | EVP_PKEY_RSA_PSS, | |
961 | EVP_PKEY_RSA_PSS, | |
962 | ASN1_PKEY_SIGPARAM_NULL, | |
963 | ||
964 | "RSA-PSS", | |
965 | "OpenSSL RSA-PSS method", | |
966 | ||
967 | rsa_pub_decode, | |
968 | rsa_pub_encode, | |
969 | rsa_pub_cmp, | |
970 | rsa_pub_print, | |
971 | ||
972 | rsa_priv_decode, | |
973 | rsa_priv_encode, | |
974 | rsa_priv_print, | |
975 | ||
976 | int_rsa_size, | |
977 | rsa_bits, | |
978 | rsa_security_bits, | |
979 | ||
980 | 0, 0, 0, 0, 0, 0, | |
981 | ||
982 | rsa_sig_print, | |
983 | int_rsa_free, | |
984 | rsa_pkey_ctrl, | |
985 | 0, 0, | |
986 | rsa_item_verify, | |
987 | rsa_item_sign, | |
988 | }; |