195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * project 2006. 395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley */ 495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley/* ==================================================================== 595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Redistribution and use in source and binary forms, with or without 895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * modification, are permitted provided that the following conditions 995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * are met: 1095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 1195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 1. Redistributions of source code must retain the above copyright 1295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * notice, this list of conditions and the following disclaimer. 1395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 1495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 2. Redistributions in binary form must reproduce the above copyright 1595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * notice, this list of conditions and the following disclaimer in 1695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * the documentation and/or other materials provided with the 1795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * distribution. 1895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 1995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 3. All advertising materials mentioning features or use of this 2095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * software must display the following acknowledgment: 2195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * "This product includes software developed by the OpenSSL Project 2295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 2395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 2495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 2595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * endorse or promote products derived from this software without 2695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * prior written permission. For written permission, please contact 2795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * licensing@OpenSSL.org. 2895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 2995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 5. Products derived from this software may not be called "OpenSSL" 3095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * nor may "OpenSSL" appear in their names without prior written 3195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * permission of the OpenSSL Project. 3295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 3395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 6. Redistributions of any form whatsoever must retain the following 3495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * acknowledgment: 3595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * "This product includes software developed by the OpenSSL Project 3695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 3795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 3895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 3995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 4195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 4295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 4395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 4495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 4595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 4795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 4895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 4995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * OF THE POSSIBILITY OF SUCH DAMAGE. 5095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * ==================================================================== 5195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 5295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * This product includes cryptographic software written by Eric Young 5395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * (eay@cryptsoft.com). This product includes software written by Tim 5495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Hudson (tjh@cryptsoft.com). */ 5595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 5695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/evp.h> 5795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 5895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/asn1.h> 5995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/asn1t.h> 6095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/digest.h> 6195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/err.h> 6295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/mem.h> 6395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/obj.h> 6495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/rsa.h> 6595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/x509.h> 6695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 6795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include "../rsa/internal.h" 6895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include "internal.h" 6995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 7095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 7195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { 7295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley uint8_t *encoded = NULL; 7395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int len; 7495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley len = i2d_RSAPublicKey(pkey->pkey.rsa, &encoded); 7595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 7695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (len <= 0) { 7795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 0; 7895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 7995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 8095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA), V_ASN1_NULL, NULL, 8195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley encoded, len)) { 8295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_free(encoded); 8395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 0; 8495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 8595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 8695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 1; 8795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 8895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 8995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) { 9095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley const uint8_t *p; 9195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int pklen; 9295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley RSA *rsa; 9395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 9495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey)) { 9595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 0; 9695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 9795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley rsa = d2i_RSAPublicKey(NULL, &p, pklen); 9895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (rsa == NULL) { 9995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(EVP, rsa_pub_decode, ERR_R_RSA_LIB); 10095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 0; 10195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 10295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley EVP_PKEY_assign_RSA(pkey, rsa); 10395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 1; 10495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 10595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 10695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { 10795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) == 0 && 10895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) == 0; 10995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 11095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 11195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) { 11295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley uint8_t *rk = NULL; 11395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int rklen; 11495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 11595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk); 11695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 11795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (rklen <= 0) { 11895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(EVP, rsa_priv_encode, ERR_R_MALLOC_FAILURE); 11995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 0; 12095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 12195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 12295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* TODO(fork): const correctness in next line. */ 12395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!PKCS8_pkey_set0(p8, (ASN1_OBJECT *)OBJ_nid2obj(NID_rsaEncryption), 0, 12495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley V_ASN1_NULL, NULL, rk, rklen)) { 12595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(EVP, rsa_priv_encode, ERR_R_MALLOC_FAILURE); 12695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 0; 12795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 12895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 12995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 1; 13095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 13195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 13295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) { 13395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley const uint8_t *p; 13495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int pklen; 13595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley RSA *rsa; 13695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 13795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8)) { 13895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(EVP, rsa_priv_decode, ERR_R_MALLOC_FAILURE); 13995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 0; 14095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 14195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 14295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley rsa = d2i_RSAPrivateKey(NULL, &p, pklen); 14395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (rsa == NULL) { 14495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(EVP, rsa_priv_decode, ERR_R_RSA_LIB); 14595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 0; 14695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 14795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 14895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley EVP_PKEY_assign_RSA(pkey, rsa); 14995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 1; 15095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 15195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 152ecc0ce7e67b7dcfdfc57ffa99d70c9a04996e15bDavid Benjaminstatic int rsa_opaque(const EVP_PKEY *pkey) { 153ecc0ce7e67b7dcfdfc57ffa99d70c9a04996e15bDavid Benjamin return RSA_is_opaque(pkey->pkey.rsa); 154ecc0ce7e67b7dcfdfc57ffa99d70c9a04996e15bDavid Benjamin} 155ecc0ce7e67b7dcfdfc57ffa99d70c9a04996e15bDavid Benjamin 15695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int int_rsa_size(const EVP_PKEY *pkey) { 15795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return RSA_size(pkey->pkey.rsa); 15895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 15995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 16095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int rsa_bits(const EVP_PKEY *pkey) { 16195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return BN_num_bits(pkey->pkey.rsa->n); 16295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 16395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 16495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic void int_rsa_free(EVP_PKEY *pkey) { RSA_free(pkey->pkey.rsa); } 16595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 16695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic void update_buflen(const BIGNUM *b, size_t *pbuflen) { 16795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley size_t i; 16895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 16995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!b) { 17095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return; 17195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 17295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 17395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley i = BN_num_bytes(b); 17495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (*pbuflen < i) { 17595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley *pbuflen = i; 17695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 17795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 17895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 17995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int do_rsa_print(BIO *out, const RSA *rsa, int off, 18095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int include_private) { 18195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley char *str; 18295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley const char *s; 18395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley uint8_t *m = NULL; 18495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int ret = 0, mod_len = 0; 18595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley size_t buf_len = 0; 18695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 18795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley update_buflen(rsa->n, &buf_len); 18895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley update_buflen(rsa->e, &buf_len); 18995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 19095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (include_private) { 19195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley update_buflen(rsa->d, &buf_len); 19295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley update_buflen(rsa->p, &buf_len); 19395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley update_buflen(rsa->q, &buf_len); 19495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley update_buflen(rsa->dmp1, &buf_len); 19595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley update_buflen(rsa->dmq1, &buf_len); 19695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley update_buflen(rsa->iqmp, &buf_len); 19795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 19895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 19995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley m = (uint8_t *)OPENSSL_malloc(buf_len + 10); 20095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (m == NULL) { 20195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(EVP, do_rsa_print, ERR_R_MALLOC_FAILURE); 20295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 20395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 20495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 20595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (rsa->n != NULL) { 20695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley mod_len = BN_num_bits(rsa->n); 20795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 20895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 20995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!BIO_indent(out, off, 128)) { 21095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 21195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 21295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 21395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (include_private && rsa->d) { 21495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (BIO_printf(out, "Private-Key: (%d bit)\n", mod_len) <= 0) { 21595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 21695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 21795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley str = "modulus:"; 21895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s = "publicExponent:"; 21995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } else { 22095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (BIO_printf(out, "Public-Key: (%d bit)\n", mod_len) <= 0) { 22195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 22295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 22395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley str = "Modulus:"; 22495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s = "Exponent:"; 22595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 22695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!ASN1_bn_print(out, str, rsa->n, m, off) || 22795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley !ASN1_bn_print(out, s, rsa->e, m, off)) { 22895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 22995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 23095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 23195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (include_private) { 23295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!ASN1_bn_print(out, "privateExponent:", rsa->d, m, off) || 23395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley !ASN1_bn_print(out, "prime1:", rsa->p, m, off) || 23495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley !ASN1_bn_print(out, "prime2:", rsa->q, m, off) || 23595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley !ASN1_bn_print(out, "exponent1:", rsa->dmp1, m, off) || 23695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley !ASN1_bn_print(out, "exponent2:", rsa->dmq1, m, off) || 23795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley !ASN1_bn_print(out, "coefficient:", rsa->iqmp, m, off)) { 23895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 23995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 24095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 24195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret = 1; 24295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 24395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleyerr: 24495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (m != NULL) { 24595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_free(m); 24695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 24795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return ret; 24895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 24995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 25095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, 25195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ASN1_PCTX *ctx) { 25295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return do_rsa_print(bp, pkey->pkey.rsa, indent, 0); 25395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 25495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 25595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 25695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, 25795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ASN1_PCTX *ctx) { 25895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return do_rsa_print(bp, pkey->pkey.rsa, indent, 1); 25995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 26095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 26195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley/* Given an MGF1 Algorithm ID decode to an Algorithm Identifier */ 26295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg) { 26395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley const uint8_t *p; 26495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int plen; 26595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 26695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (alg == NULL || 26795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OBJ_obj2nid(alg->algorithm) != NID_mgf1 || 26895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley alg->parameter->type != V_ASN1_SEQUENCE) { 26995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return NULL; 27095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 27195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 27295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley p = alg->parameter->value.sequence->data; 27395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley plen = alg->parameter->value.sequence->length; 27495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return d2i_X509_ALGOR(NULL, &p, plen); 27595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 27695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 27795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg, 27895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_ALGOR **pmaskHash) { 27995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley const uint8_t *p; 28095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int plen; 28195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley RSA_PSS_PARAMS *pss; 28295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 28395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley *pmaskHash = NULL; 28495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 28595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE) { 28695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return NULL; 28795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 28895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley p = alg->parameter->value.sequence->data; 28995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley plen = alg->parameter->value.sequence->length; 29095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen); 29195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 29295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!pss) { 29395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return NULL; 29495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 29595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 29695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley *pmaskHash = rsa_mgf1_decode(pss->maskGenAlgorithm); 29795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 29895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return pss; 29995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 30095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 30195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, 30295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_ALGOR *maskHash, int indent) { 30395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int rv = 0; 30495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 30595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!pss) { 30695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0) { 30795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 0; 30895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 30995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 1; 31095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 31195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 31295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (BIO_puts(bp, "\n") <= 0 || 31395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley !BIO_indent(bp, indent, 128) || 31495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley BIO_puts(bp, "Hash Algorithm: ") <= 0) { 31595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 31695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 31795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 31895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (pss->hashAlgorithm) { 31995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0) { 32095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 32195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 32295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } else if (BIO_puts(bp, "sha1 (default)") <= 0) { 32395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 32495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 32595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 32695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (BIO_puts(bp, "\n") <= 0 || 32795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley !BIO_indent(bp, indent, 128) || 32895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley BIO_puts(bp, "Mask Algorithm: ") <= 0) { 32995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 33095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 33195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 33295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (pss->maskGenAlgorithm) { 33395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0 || 33495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley BIO_puts(bp, " with ") <= 0) { 33595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 33695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 33795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 33895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (maskHash) { 33995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0) { 34095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 34195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 34295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } else if (BIO_puts(bp, "INVALID") <= 0) { 34395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 34495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 34595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0) { 34695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 34795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 34895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley BIO_puts(bp, "\n"); 34995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 35095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!BIO_indent(bp, indent, 128) || 35195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley BIO_puts(bp, "Salt Length: 0x") <= 0) { 35295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 35395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 35495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 35595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (pss->saltLength) { 35695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0) { 35795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 35895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 359467c87e318c70699f22ca028c93af3f4b901db9eAdam Langley } else if (BIO_puts(bp, "14 (default)") <= 0) { 36095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 36195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 36295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley BIO_puts(bp, "\n"); 36395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 36495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!BIO_indent(bp, indent, 128) || 36595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley BIO_puts(bp, "Trailer Field: 0x") <= 0) { 36695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 36795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 36895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 36995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (pss->trailerField) { 37095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0) { 37195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 37295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 37395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } else if (BIO_puts(bp, "BC (default)") <= 0) { 37495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 37595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 37695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley BIO_puts(bp, "\n"); 37795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 37895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley rv = 1; 37995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 38095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleyerr: 38195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return rv; 38295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 38395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 38495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, 38595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx) { 38695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) { 38795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int rv; 38895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley RSA_PSS_PARAMS *pss; 38995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_ALGOR *maskHash; 39095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 39195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley pss = rsa_pss_decode(sigalg, &maskHash); 39295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley rv = rsa_pss_param_print(bp, pss, maskHash, indent); 39395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (pss) { 39495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley RSA_PSS_PARAMS_free(pss); 39595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 39695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (maskHash) { 39795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_ALGOR_free(maskHash); 39895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 39995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!rv) { 40095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 0; 40195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 40295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } else if (!sig && BIO_puts(bp, "\n") <= 0) { 40395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 0; 40495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 40595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 40695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (sig) { 40795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return X509_signature_dump(bp, sig, indent); 40895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 40995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 1; 41095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 41195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 41295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) { 41395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_ALGOR *alg = NULL; 41495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley switch (op) { 41595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case ASN1_PKEY_CTRL_DEFAULT_MD_NID: 41695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley *(int *)arg2 = NID_sha1; 41795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 1; 41895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 41995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley default: 42095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return -2; 42195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 42295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 42395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (alg) { 42495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0); 42595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 42695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 42795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 1; 42895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 42995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 43095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int old_rsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, 43195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int derlen) { 43295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley RSA *rsa = d2i_RSAPrivateKey(NULL, pder, derlen); 43395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (rsa == NULL) { 43495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(EVP, old_rsa_priv_decode, ERR_R_RSA_LIB); 43595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 0; 43695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 43795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley EVP_PKEY_assign_RSA(pkey, rsa); 43895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 1; 43995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 44095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 44195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) { 44295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return i2d_RSAPrivateKey(pkey->pkey.rsa, pder); 44395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 44495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 44595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley/* allocate and set algorithm ID from EVP_MD, default SHA1 */ 44695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int rsa_md_to_algor(X509_ALGOR **palg, const EVP_MD *md) { 44795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (EVP_MD_type(md) == NID_sha1) { 44895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 1; 44995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 45095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley *palg = X509_ALGOR_new(); 45195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!*palg) { 45295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 0; 45395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 45495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_ALGOR_set_md(*palg, md); 45595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 1; 45695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 45795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 45895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley/* Allocate and set MGF1 algorithm ID from EVP_MD */ 45995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md) { 46095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_ALGOR *algtmp = NULL; 46195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ASN1_STRING *stmp = NULL; 46295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley *palg = NULL; 46395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 46495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (EVP_MD_type(mgf1md) == NID_sha1) { 46595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 1; 46695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 46795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* need to embed algorithm ID inside another */ 46895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!rsa_md_to_algor(&algtmp, mgf1md) || 46995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley !ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp)) { 47095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 47195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 47295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley *palg = X509_ALGOR_new(); 47395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!*palg) { 47495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 47595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 47695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp); 47795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley stmp = NULL; 47895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 47995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleyerr: 48095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (stmp) 48195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ASN1_STRING_free(stmp); 48295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (algtmp) 48395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_ALGOR_free(algtmp); 48495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (*palg) 48595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 1; 48695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 48795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 0; 48895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 48995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 49095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley/* convert algorithm ID to EVP_MD, default SHA1 */ 49195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic const EVP_MD *rsa_algor_to_md(X509_ALGOR *alg) { 49295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley const EVP_MD *md; 49395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!alg) { 49495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return EVP_sha1(); 49595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 49695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley md = EVP_get_digestbyobj(alg->algorithm); 49795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (md == NULL) { 49895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(EVP, rsa_algor_to_md, EVP_R_UNKNOWN_DIGEST); 49995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 50095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return md; 50195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 50295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 50395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley/* convert MGF1 algorithm ID to EVP_MD, default SHA1 */ 50495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic const EVP_MD *rsa_mgf1_to_md(X509_ALGOR *alg, X509_ALGOR *maskHash) { 50595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley const EVP_MD *md; 50695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!alg) { 50795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return EVP_sha1(); 50895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 50995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* Check mask and lookup mask hash algorithm */ 51095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) { 51195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(EVP, rsa_mgf1_to_md, EVP_R_UNSUPPORTED_MASK_ALGORITHM); 51295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return NULL; 51395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 51495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!maskHash) { 51595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(EVP, rsa_mgf1_to_md, EVP_R_UNSUPPORTED_MASK_PARAMETER); 51695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return NULL; 51795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 51895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley md = EVP_get_digestbyobj(maskHash->algorithm); 51995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (md == NULL) { 52095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(EVP, rsa_mgf1_to_md, EVP_R_UNKNOWN_MASK_DIGEST); 52195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return NULL; 52295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 52395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return md; 52495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 52595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 52695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley/* rsa_ctx_to_pss converts EVP_PKEY_CTX in PSS mode into corresponding 52795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * algorithm parameter, suitable for setting as an AlgorithmIdentifier. */ 52895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) { 52995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley const EVP_MD *sigmd, *mgf1md; 53095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley RSA_PSS_PARAMS *pss = NULL; 53195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ASN1_STRING *os = NULL; 53295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx); 53395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int saltlen, rv = 0; 53495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 53595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) <= 0 || 53695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0 || 53795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley !EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen)) { 53895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 53995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 54095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 54195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (saltlen == -1) { 54295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley saltlen = EVP_MD_size(sigmd); 54395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } else if (saltlen == -2) { 54495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2; 54595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0) { 54695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley saltlen--; 54795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 54895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } else { 54995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 55095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 55195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 55295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley pss = RSA_PSS_PARAMS_new(); 55395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!pss) { 55495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 55595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 55695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 55795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (saltlen != 20) { 55895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley pss->saltLength = ASN1_INTEGER_new(); 55995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!pss->saltLength || 56095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley !ASN1_INTEGER_set(pss->saltLength, saltlen)) { 56195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 56295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 56395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 56495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 56595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd) || 56695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley !rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md)) { 56795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 56895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 56995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 57095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* Finally create string with pss parameter encoding. */ 57195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os)) { 57295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 57395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 57495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley rv = 1; 57595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 57695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleyerr: 57795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (pss) 57895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley RSA_PSS_PARAMS_free(pss); 57995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (rv) 58095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return os; 58195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (os) 58295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ASN1_STRING_free(os); 58395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return NULL; 58495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 58595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 58695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley/* From PSS AlgorithmIdentifier set public key parameters. If pkey 58795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * isn't NULL then the EVP_MD_CTX is setup and initalised. If it 58895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * is NULL parameters are passed to pkctx instead. */ 58995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, 59095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_ALGOR *sigalg, EVP_PKEY *pkey) { 59195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int ret = -1; 59295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int saltlen; 59395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley const EVP_MD *mgf1md = NULL, *md = NULL; 59495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley RSA_PSS_PARAMS *pss; 59595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_ALGOR *maskHash; 59695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 59795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* Sanity check: make sure it is PSS */ 59895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) { 59995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(EVP, rsa_pss_to_ctx, EVP_R_UNSUPPORTED_SIGNATURE_TYPE); 60095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return -1; 60195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 60295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* Decode PSS parameters */ 60395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley pss = rsa_pss_decode(sigalg, &maskHash); 60495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (pss == NULL) { 60595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(EVP, rsa_pss_to_ctx, EVP_R_INVALID_PSS_PARAMETERS); 60695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 60795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 60895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 60995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley mgf1md = rsa_mgf1_to_md(pss->maskGenAlgorithm, maskHash); 61095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!mgf1md) { 61195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 61295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 61395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley md = rsa_algor_to_md(pss->hashAlgorithm); 61495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!md) { 61595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 61695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 61795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 61895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley saltlen = 20; 61995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (pss->saltLength) { 62095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley saltlen = ASN1_INTEGER_get(pss->saltLength); 62195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 62295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* Could perform more salt length sanity checks but the main 62395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * RSA routines will trap other invalid values anyway. */ 62495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (saltlen < 0) { 62595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(EVP, rsa_pss_to_ctx, EVP_R_INVALID_SALT_LENGTH); 62695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 62795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 62895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 62995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 63095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* low-level routines support only trailer field 0xbc (value 1) 63195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * and PKCS#1 says we should reject any other value anyway. */ 63295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) { 63395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(EVP, rsa_pss_to_ctx, EVP_R_INVALID_TRAILER); 63495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 63595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 63695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 63795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (pkey) { 63895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey)) { 63995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 64095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 64195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } else { 64295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley const EVP_MD *checkmd; 64395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (EVP_PKEY_CTX_get_signature_md(pkctx, &checkmd) <= 0) { 64495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 64595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 64695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (EVP_MD_type(md) != EVP_MD_type(checkmd)) { 64795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(EVP, rsa_pss_to_ctx, EVP_R_DIGEST_DOES_NOT_MATCH); 64895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 64995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 65095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 65195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 65295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0 || 65395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0 || 65495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) { 65595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 65695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 65795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 65895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret = 1; 65995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 66095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleyerr: 66195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley RSA_PSS_PARAMS_free(pss); 66295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (maskHash) { 66395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_ALGOR_free(maskHash); 66495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 66595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return ret; 66695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 66795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 66895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley/* Customised RSA item verification routine. This is called 66995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * when a signature is encountered requiring special handling. We 67095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * currently only handle PSS. */ 67195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, 67295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_ALGOR *sigalg, ASN1_BIT_STRING *sig, 67395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley EVP_PKEY *pkey) { 67495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* Sanity check: make sure it is PSS */ 67595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) { 67695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(EVP, rsa_item_verify, EVP_R_UNSUPPORTED_SIGNATURE_TYPE); 67795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return -1; 67895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 67995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey)) { 68095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* Carry on */ 68195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 2; 68295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 68395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 68495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return -1; 68595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 68695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 68795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, 68895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_ALGOR *alg1, X509_ALGOR *alg2, 68995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ASN1_BIT_STRING *sig) { 69095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int pad_mode; 69195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley EVP_PKEY_CTX *pkctx = ctx->pctx; 69295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) { 69395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 0; 69495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 69595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (pad_mode == RSA_PKCS1_PADDING) { 69695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 2; 69795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 69895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (pad_mode == RSA_PKCS1_PSS_PADDING) { 69995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ASN1_STRING *os1 = rsa_ctx_to_pss(pkctx); 70095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!os1) { 70195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 0; 70295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 70395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* Duplicate parameters if we have to */ 70495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (alg2) { 70595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ASN1_STRING *os2 = ASN1_STRING_dup(os1); 70695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!os2) { 70795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ASN1_STRING_free(os1); 70895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 0; 70995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 71095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os2); 71195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 71295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os1); 71395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 3; 71495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 71595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 2; 71695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 71795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 71895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleyconst EVP_PKEY_ASN1_METHOD rsa_asn1_meth = { 71995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley EVP_PKEY_RSA, 72095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley EVP_PKEY_RSA, 72195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ASN1_PKEY_SIGPARAM_NULL, 72295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 72395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley "RSA", 72495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley "OpenSSL RSA method", 72595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 72695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley rsa_pub_decode, 72795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley rsa_pub_encode, 72895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley rsa_pub_cmp, 72995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley rsa_pub_print, 73095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 73195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley rsa_priv_decode, 73295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley rsa_priv_encode, 73395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley rsa_priv_print, 73495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 735ecc0ce7e67b7dcfdfc57ffa99d70c9a04996e15bDavid Benjamin rsa_opaque, 736ecc0ce7e67b7dcfdfc57ffa99d70c9a04996e15bDavid Benjamin 73795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int_rsa_size, 73895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley rsa_bits, 73995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 74095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 0,0,0,0,0,0, 74195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 74295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley rsa_sig_print, 74395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int_rsa_free, 74495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley rsa_pkey_ctrl, 74595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 74695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley old_rsa_priv_decode, 74795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley old_rsa_priv_encode, 74895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 74995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley rsa_item_verify, 75095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley rsa_item_sign, 75195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley}; 75295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 75395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleyconst EVP_PKEY_ASN1_METHOD rsa_asn1_meth_2 = { 75495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley EVP_PKEY_RSA2, 75595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley EVP_PKEY_RSA, 75695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ASN1_PKEY_ALIAS, 75795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley}; 758