return EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, p1);
}
}
+
+ if (keytype == EVP_PKEY_RSA_PSS) {
+ switch(cmd) {
+ case EVP_PKEY_CTRL_MD:
+ return EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, p2);
+ }
+ }
+
/*
* keytype == -1 is used when several key types share the same structure,
* or for generic controls that are the same across multiple key types.
}
+int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
+{
+ const char *name;
+
+ if (ctx == NULL || md == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ }
+
+ /* If key type not RSA return error */
+ if (ctx->pmeth != NULL
+ && ctx->pmeth->pkey_id != EVP_PKEY_RSA
+ && ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
+ return -1;
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.keymgmt.genctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
+ EVP_PKEY_CTRL_MD, 0, (void *)md);
+
+ name = EVP_MD_name(md);
+
+ return EVP_PKEY_CTX_set_rsa_pss_keygen_md_name(ctx, name, NULL);
+}
+
+int EVP_PKEY_CTX_set_rsa_pss_keygen_md_name(EVP_PKEY_CTX *ctx,
+ const char *mdname,
+ const char *mdprops)
+{
+ OSSL_PARAM rsa_params[3], *p = rsa_params;
+
+ if (ctx == NULL || mdname == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ }
+
+ /* If key type not RSA return error */
+ if (ctx->pmeth != NULL
+ && ctx->pmeth->pkey_id != EVP_PKEY_RSA
+ && ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
+ return -1;
+
+
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST,
+ /*
+ * Cast away the const. This is read
+ * only so should be safe
+ */
+ (char *)mdname, 0);
+ if (mdprops != NULL) {
+ *p++ = OSSL_PARAM_construct_utf8_string(
+ OSSL_PKEY_PARAM_RSA_DIGEST_PROPS,
+ /*
+ * Cast away the const. This is read only so should be safe
+ */
+ (char *)mdprops, 0);
+ }
+ *p++ = OSSL_PARAM_construct_end();
+
+ return EVP_PKEY_CTX_set_params(ctx, rsa_params);
+}
+
int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
{
const char *name;
}
/* If key type not RSA return error */
- if (ctx->pmeth != NULL && ctx->pmeth->pkey_id != EVP_PKEY_RSA)
+ if (ctx->pmeth != NULL && ctx->pmeth->pkey_id != EVP_PKEY_RSA &&
+ ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
return -1;
/* TODO(3.0): Remove this eventually when no more legacy */
=head1 NAME
EVP_PKEY_CTX_set_rsa_pss_keygen_md,
+EVP_PKEY_CTX_set_rsa_pss_keygen_md_name,
EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md,
EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name,
EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen
int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *pctx,
const EVP_MD *md);
+ int EVP_PKEY_CTX_set_rsa_pss_keygen_md_name(EVP_PKEY_CTX *ctx,
+ const char *mdname,
+ const char *mdprops);
int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *pctx,
const EVP_MD *md);
int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name(EVP_PKEY_CTX *pctx,
EVP_PKEY_CTX_set_rsa_pss_keygen_md() restricts the digest algorithm the
generated key can use to I<md>.
+EVP_PKEY_CTX_set_rsa_pss_keygen_md_name() does the same thing, but
+passes the algorithm by name rather than by B<EVP_MD>.
EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md() restricts the MGF1 algorithm the
generated key can use to I<md>.
#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO "auto"
/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+#define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+#define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+#define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
/* Key generation parameters */
#define OSSL_PKEY_PARAM_FFC_TYPE "type"
int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name(EVP_PKEY_CTX *ctx,
const char *mdname);
+int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+int EVP_PKEY_CTX_set_rsa_pss_keygen_md_name(EVP_PKEY_CTX *ctx,
+ const char *mdname,
+ const char *mdprops);
+
int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
int EVP_PKEY_CTX_set_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, const char *mdname,
const char *mdprops);
int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen);
int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
-# define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, \
- EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD, \
- 0, (void *)(md))
-
-
# define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1)
# define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2)
#include <openssl/dh.h>
#include <openssl/aes.h>
#include <openssl/decoder.h>
+#include <openssl/rsa.h>
#include "testutil.h"
#include "internal/nelem.h"
#include "internal/sizes.h"
return ret;
}
+static int test_EVP_rsa_pss_with_keygen_bits(void)
+{
+ int ret;
+ OSSL_PROVIDER *provider;
+ EVP_PKEY_CTX *ctx;
+ EVP_PKEY *pkey;
+ const EVP_MD *md;
+ pkey = NULL;
+ ret = 0;
+ provider = OSSL_PROVIDER_load(NULL, "default");
+ md = EVP_get_digestbyname("sha256");
+
+ ret = TEST_ptr((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL)))
+ && TEST_true(EVP_PKEY_keygen_init(ctx))
+ && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
+ && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
+ && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
+
+ EVP_PKEY_free(pkey);
+ EVP_PKEY_CTX_free(ctx);
+ OSSL_PROVIDER_unload(provider);
+ return ret;
+}
+
+
int setup_tests(void)
{
testctx = OSSL_LIB_CTX_new();
ADD_TEST(test_rand_agglomeration);
ADD_ALL_TESTS(test_evp_iv, 10);
+ ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
return 1;
}
EVP_PKEY_get_group_name ? 3_0_0 EXIST::FUNCTION:
CRYPTO_atomic_or ? 3_0_0 EXIST::FUNCTION:
CRYPTO_atomic_load ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_CTX_set_rsa_pss_keygen_md ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_CTX_set_rsa_pss_keygen_md_name ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_settable_params ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_set_params ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_set_int_param ? 3_0_0 EXIST::FUNCTION: