kris
/
boringssl
1
0
Atdalīts 0
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 0 Vikivietne Aktivitāte
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
1913 Revīzijas
12 Atzari
38 MiB
Koks: 1269ddd377
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no '1269ddd377'
${ noResults }
boringssl/crypto/rsa/rsa_asn1.c

rsa_asn1.c 13 KiB
Neapstrādāts Parastais skats Vēsture

Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
pirms 10 gadiem
Parse RSAPublicKey with CBS. BUG=499653 Change-Id: If5d98ed23e65a84f9f0e303024f91cce078f3d18 Reviewed-on: https://boringssl-review.googlesource.com/5272 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
pirms 10 gadiem
Parse RSAPublicKey with CBS. BUG=499653 Change-Id: If5d98ed23e65a84f9f0e303024f91cce078f3d18 Reviewed-on: https://boringssl-review.googlesource.com/5272 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
pirms 10 gadiem
Work around broken Estonian smart cards. Again. Estonian IDs issued between September 2014 to September 2015 are broken and use negative moduli. They last five years and are common enough that we need to work around this bug. Add parallel "buggy" versions of BN_cbs2unsigned and RSA_parse_public_key which tolerate this mistake, to align with OpenSSL's previous behavior. This code is currently hooked up to rsa_pub_decode in RSA_ASN1_METHOD so that d2i_X509 is tolerant. (This isn't a huge deal as the rest of that stack still uses the legacy ASN.1 code which is overly lenient in many other ways.) In future, when Chromium isn't using crypto/x509 and has more unified certificate handling code, we can put client certificates under a slightly different codepath, so this needn't hold for all certificates forever. Then in September 2019, when the broken Estonian certificates all expire, we can purge this codepath altogether. BUG=532048 Change-Id: Iadb245048c71dba2eec45dd066c4a6e077140751 Reviewed-on: https://boringssl-review.googlesource.com/5894 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPublicKey with CBS. BUG=499653 Change-Id: If5d98ed23e65a84f9f0e303024f91cce078f3d18 Reviewed-on: https://boringssl-review.googlesource.com/5272 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Work around broken Estonian smart cards. Again. Estonian IDs issued between September 2014 to September 2015 are broken and use negative moduli. They last five years and are common enough that we need to work around this bug. Add parallel "buggy" versions of BN_cbs2unsigned and RSA_parse_public_key which tolerate this mistake, to align with OpenSSL's previous behavior. This code is currently hooked up to rsa_pub_decode in RSA_ASN1_METHOD so that d2i_X509 is tolerant. (This isn't a huge deal as the rest of that stack still uses the legacy ASN.1 code which is overly lenient in many other ways.) In future, when Chromium isn't using crypto/x509 and has more unified certificate handling code, we can put client certificates under a slightly different codepath, so this needn't hold for all certificates forever. Then in September 2019, when the broken Estonian certificates all expire, we can purge this codepath altogether. BUG=532048 Change-Id: Iadb245048c71dba2eec45dd066c4a6e077140751 Reviewed-on: https://boringssl-review.googlesource.com/5894 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPublicKey with CBS. BUG=499653 Change-Id: If5d98ed23e65a84f9f0e303024f91cce078f3d18 Reviewed-on: https://boringssl-review.googlesource.com/5272 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Work around broken Estonian smart cards. Again. Estonian IDs issued between September 2014 to September 2015 are broken and use negative moduli. They last five years and are common enough that we need to work around this bug. Add parallel "buggy" versions of BN_cbs2unsigned and RSA_parse_public_key which tolerate this mistake, to align with OpenSSL's previous behavior. This code is currently hooked up to rsa_pub_decode in RSA_ASN1_METHOD so that d2i_X509 is tolerant. (This isn't a huge deal as the rest of that stack still uses the legacy ASN.1 code which is overly lenient in many other ways.) In future, when Chromium isn't using crypto/x509 and has more unified certificate handling code, we can put client certificates under a slightly different codepath, so this needn't hold for all certificates forever. Then in September 2019, when the broken Estonian certificates all expire, we can purge this codepath altogether. BUG=532048 Change-Id: Iadb245048c71dba2eec45dd066c4a6e077140751 Reviewed-on: https://boringssl-review.googlesource.com/5894 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPublicKey with CBS. BUG=499653 Change-Id: If5d98ed23e65a84f9f0e303024f91cce078f3d18 Reviewed-on: https://boringssl-review.googlesource.com/5272 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPublicKey with CBS. BUG=499653 Change-Id: If5d98ed23e65a84f9f0e303024f91cce078f3d18 Reviewed-on: https://boringssl-review.googlesource.com/5272 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Work around broken Estonian smart cards. Again. Estonian IDs issued between September 2014 to September 2015 are broken and use negative moduli. They last five years and are common enough that we need to work around this bug. Add parallel "buggy" versions of BN_cbs2unsigned and RSA_parse_public_key which tolerate this mistake, to align with OpenSSL's previous behavior. This code is currently hooked up to rsa_pub_decode in RSA_ASN1_METHOD so that d2i_X509 is tolerant. (This isn't a huge deal as the rest of that stack still uses the legacy ASN.1 code which is overly lenient in many other ways.) In future, when Chromium isn't using crypto/x509 and has more unified certificate handling code, we can put client certificates under a slightly different codepath, so this needn't hold for all certificates forever. Then in September 2019, when the broken Estonian certificates all expire, we can purge this codepath altogether. BUG=532048 Change-Id: Iadb245048c71dba2eec45dd066c4a6e077140751 Reviewed-on: https://boringssl-review.googlesource.com/5894 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPublicKey with CBS. BUG=499653 Change-Id: If5d98ed23e65a84f9f0e303024f91cce078f3d18 Reviewed-on: https://boringssl-review.googlesource.com/5272 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Work around broken Estonian smart cards. Again. Estonian IDs issued between September 2014 to September 2015 are broken and use negative moduli. They last five years and are common enough that we need to work around this bug. Add parallel "buggy" versions of BN_cbs2unsigned and RSA_parse_public_key which tolerate this mistake, to align with OpenSSL's previous behavior. This code is currently hooked up to rsa_pub_decode in RSA_ASN1_METHOD so that d2i_X509 is tolerant. (This isn't a huge deal as the rest of that stack still uses the legacy ASN.1 code which is overly lenient in many other ways.) In future, when Chromium isn't using crypto/x509 and has more unified certificate handling code, we can put client certificates under a slightly different codepath, so this needn't hold for all certificates forever. Then in September 2019, when the broken Estonian certificates all expire, we can purge this codepath altogether. BUG=532048 Change-Id: Iadb245048c71dba2eec45dd066c4a6e077140751 Reviewed-on: https://boringssl-review.googlesource.com/5894 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPublicKey with CBS. BUG=499653 Change-Id: If5d98ed23e65a84f9f0e303024f91cce078f3d18 Reviewed-on: https://boringssl-review.googlesource.com/5272 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPublicKey with CBS. BUG=499653 Change-Id: If5d98ed23e65a84f9f0e303024f91cce078f3d18 Reviewed-on: https://boringssl-review.googlesource.com/5272 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Work around broken Estonian smart cards. Again. Estonian IDs issued between September 2014 to September 2015 are broken and use negative moduli. They last five years and are common enough that we need to work around this bug. Add parallel "buggy" versions of BN_cbs2unsigned and RSA_parse_public_key which tolerate this mistake, to align with OpenSSL's previous behavior. This code is currently hooked up to rsa_pub_decode in RSA_ASN1_METHOD so that d2i_X509 is tolerant. (This isn't a huge deal as the rest of that stack still uses the legacy ASN.1 code which is overly lenient in many other ways.) In future, when Chromium isn't using crypto/x509 and has more unified certificate handling code, we can put client certificates under a slightly different codepath, so this needn't hold for all certificates forever. Then in September 2019, when the broken Estonian certificates all expire, we can purge this codepath altogether. BUG=532048 Change-Id: Iadb245048c71dba2eec45dd066c4a6e077140751 Reviewed-on: https://boringssl-review.googlesource.com/5894 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Work around even more Estonian ID card misissuances. Not content with signing negative RSA moduli, still other Estonian IDs have too many leading zeros. Work around those too. This workaround will be removed in six months. BUG=534766 Change-Id: Ica23b1b1499f9dbe39e94cf7b540900860e8e135 Reviewed-on: https://boringssl-review.googlesource.com/5980 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Work around broken Estonian smart cards. Again. Estonian IDs issued between September 2014 to September 2015 are broken and use negative moduli. They last five years and are common enough that we need to work around this bug. Add parallel "buggy" versions of BN_cbs2unsigned and RSA_parse_public_key which tolerate this mistake, to align with OpenSSL's previous behavior. This code is currently hooked up to rsa_pub_decode in RSA_ASN1_METHOD so that d2i_X509 is tolerant. (This isn't a huge deal as the rest of that stack still uses the legacy ASN.1 code which is overly lenient in many other ways.) In future, when Chromium isn't using crypto/x509 and has more unified certificate handling code, we can put client certificates under a slightly different codepath, so this needn't hold for all certificates forever. Then in September 2019, when the broken Estonian certificates all expire, we can purge this codepath altogether. BUG=532048 Change-Id: Iadb245048c71dba2eec45dd066c4a6e077140751 Reviewed-on: https://boringssl-review.googlesource.com/5894 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Update the Estonian workaround comments. Target date for removal of the workaround is 6 months. BUG=532048 Change-Id: I402f75e46736936725575559cd8eb194115ab0df Reviewed-on: https://boringssl-review.googlesource.com/5910 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Work around broken Estonian smart cards. Again. Estonian IDs issued between September 2014 to September 2015 are broken and use negative moduli. They last five years and are common enough that we need to work around this bug. Add parallel "buggy" versions of BN_cbs2unsigned and RSA_parse_public_key which tolerate this mistake, to align with OpenSSL's previous behavior. This code is currently hooked up to rsa_pub_decode in RSA_ASN1_METHOD so that d2i_X509 is tolerant. (This isn't a huge deal as the rest of that stack still uses the legacy ASN.1 code which is overly lenient in many other ways.) In future, when Chromium isn't using crypto/x509 and has more unified certificate handling code, we can put client certificates under a slightly different codepath, so this needn't hold for all certificates forever. Then in September 2019, when the broken Estonian certificates all expire, we can purge this codepath altogether. BUG=532048 Change-Id: Iadb245048c71dba2eec45dd066c4a6e077140751 Reviewed-on: https://boringssl-review.googlesource.com/5894 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPublicKey with CBS. BUG=499653 Change-Id: If5d98ed23e65a84f9f0e303024f91cce078f3d18 Reviewed-on: https://boringssl-review.googlesource.com/5272 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPublicKey with CBS. BUG=499653 Change-Id: If5d98ed23e65a84f9f0e303024f91cce078f3d18 Reviewed-on: https://boringssl-review.googlesource.com/5272 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPublicKey with CBS. BUG=499653 Change-Id: If5d98ed23e65a84f9f0e303024f91cce078f3d18 Reviewed-on: https://boringssl-review.googlesource.com/5272 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPublicKey with CBS. BUG=499653 Change-Id: If5d98ed23e65a84f9f0e303024f91cce078f3d18 Reviewed-on: https://boringssl-review.googlesource.com/5272 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPublicKey with CBS. BUG=499653 Change-Id: If5d98ed23e65a84f9f0e303024f91cce078f3d18 Reviewed-on: https://boringssl-review.googlesource.com/5272 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPublicKey with CBS. BUG=499653 Change-Id: If5d98ed23e65a84f9f0e303024f91cce078f3d18 Reviewed-on: https://boringssl-review.googlesource.com/5272 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
pirms 10 gadiem
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Multi-prime RSA support. RSA with more than two primes is specified in https://tools.ietf.org/html/rfc3447, although the idea goes back far earier than that. This change ports some of the changes in http://rt.openssl.org/Ticket/Display.html?id=3477&user=guest&pass=guest to BoringSSL—specifically those bits that are under an OpenSSL license. Change-Id: I51e8e345e2148702b8ce12e00518f6ef4683d3e1 Reviewed-on: https://boringssl-review.googlesource.com/4870 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
pirms 10 gadiem
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
pirms 10 gadiem
Parse RSAPublicKey with CBS. BUG=499653 Change-Id: If5d98ed23e65a84f9f0e303024f91cce078f3d18 Reviewed-on: https://boringssl-review.googlesource.com/5272 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
pirms 10 gadiem
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
pirms 10 gadiem
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466 
  1. /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL

  2.  * project 2000.

  3.  */

  4. /* ====================================================================

  5.  * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.

  6.  *

  7.  * Redistribution and use in source and binary forms, with or without

  8.  * modification, are permitted provided that the following conditions

  9.  * are met:

  10.  *

  11.  * 1. Redistributions of source code must retain the above copyright

  12.  *    notice, this list of conditions and the following disclaimer.

  13.  *

  14.  * 2. Redistributions in binary form must reproduce the above copyright

  15.  *    notice, this list of conditions and the following disclaimer in

  16.  *    the documentation and/or other materials provided with the

  17.  *    distribution.

  18.  *

  19.  * 3. All advertising materials mentioning features or use of this

  20.  *    software must display the following acknowledgment:

  21.  *    "This product includes software developed by the OpenSSL Project

  22.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  23.  *

  24.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  25.  *    endorse or promote products derived from this software without

  26.  *    prior written permission. For written permission, please contact

  27.  *    licensing@OpenSSL.org.

  28.  *

  29.  * 5. Products derived from this software may not be called "OpenSSL"

  30.  *    nor may "OpenSSL" appear in their names without prior written

  31.  *    permission of the OpenSSL Project.

  32.  *

  33.  * 6. Redistributions of any form whatsoever must retain the following

  34.  *    acknowledgment:

  35.  *    "This product includes software developed by the OpenSSL Project

  36.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  37.  *

  38.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  39.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  40.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  41.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  42.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  43.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  44.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  45.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  46.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  47.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  48.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  49.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  50.  * ====================================================================

  51.  *

  52.  * This product includes cryptographic software written by Eric Young

  53.  * (eay@cryptsoft.com).  This product includes software written by Tim

  54.  * Hudson (tjh@cryptsoft.com). */

  55. 

  56. #include <openssl/rsa.h>

  57. 

  58. #include <assert.h>

  59. #include <limits.h>

  60. #include <string.h>

  61. 

  62. #include <openssl/asn1.h>

  63. #include <openssl/asn1t.h>

  64. #include <openssl/bn.h>

  65. #include <openssl/bytestring.h>

  66. #include <openssl/err.h>

  67. #include <openssl/mem.h>

  68. 

  69. #include "internal.h"

  70. 

  71. 

  72. static int parse_integer_buggy(CBS *cbs, BIGNUM **out, int buggy) {

  73.   assert(*out == NULL);

  74.   *out = BN_new();

  75.   if (*out == NULL) {

  76.     return 0;

  77.   }

  78.   if (buggy) {

  79.     return BN_cbs2unsigned_buggy(cbs, *out);

  80.   }

  81.   return BN_cbs2unsigned(cbs, *out);

  82. }

  83. 

  84. static int parse_integer(CBS *cbs, BIGNUM **out) {

  85.   return parse_integer_buggy(cbs, out, 0 /* not buggy */);

  86. }

  87. 

  88. static int marshal_integer(CBB *cbb, BIGNUM *bn) {

  89.   if (bn == NULL) {

  90.     /* An RSA object may be missing some components. */

  91.     OPENSSL_PUT_ERROR(RSA, RSA_R_VALUE_MISSING);

  92.     return 0;

  93.   }

  94.   return BN_bn2cbb(cbb, bn);

  95. }

  96. 

  97. static RSA *parse_public_key(CBS *cbs, int buggy) {

  98.   RSA *ret = RSA_new();

  99.   if (ret == NULL) {

  100.     return NULL;

  101.   }

  102.   CBS child;

  103.   if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) ||

  104.       !parse_integer_buggy(&child, &ret->n, buggy) ||

  105.       !parse_integer(&child, &ret->e) ||

  106.       CBS_len(&child) != 0) {

  107.     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_ENCODING);

  108.     RSA_free(ret);

  109.     return NULL;

  110.   }

  111.   return ret;

  112. }

  113. 

  114. RSA *RSA_parse_public_key(CBS *cbs) {

  115.   return parse_public_key(cbs, 0 /* not buggy */);

  116. }

  117. 

  118. RSA *RSA_parse_public_key_buggy(CBS *cbs) {

  119.   /* Estonian IDs issued between September 2014 to September 2015 are

  120.    * broken. See https://crbug.com/532048 and https://crbug.com/534766.

  121.    *

  122.    * TODO(davidben): Remove this code and callers in March 2016. */

  123.   return parse_public_key(cbs, 1 /* buggy */);

  124. }

  125. 

  126. RSA *RSA_public_key_from_bytes(const uint8_t *in, size_t in_len) {

  127.   CBS cbs;

  128.   CBS_init(&cbs, in, in_len);

  129.   RSA *ret = RSA_parse_public_key(&cbs);

  130.   if (ret == NULL || CBS_len(&cbs) != 0) {

  131.     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_ENCODING);

  132.     RSA_free(ret);

  133.     return NULL;

  134.   }

  135.   return ret;

  136. }

  137. 

  138. int RSA_marshal_public_key(CBB *cbb, const RSA *rsa) {

  139.   CBB child;

  140.   if (!CBB_add_asn1(cbb, &child, CBS_ASN1_SEQUENCE) ||

  141.       !marshal_integer(&child, rsa->n) ||

  142.       !marshal_integer(&child, rsa->e) ||

  143.       !CBB_flush(cbb)) {

  144.     OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR);

  145.     return 0;

  146.   }

  147.   return 1;

  148. }

  149. 

  150. int RSA_public_key_to_bytes(uint8_t **out_bytes, size_t *out_len,

  151.                             const RSA *rsa) {

  152.   CBB cbb;

  153.   CBB_zero(&cbb);

  154.   if (!CBB_init(&cbb, 0) ||

  155.       !RSA_marshal_public_key(&cbb, rsa) ||

  156.       !CBB_finish(&cbb, out_bytes, out_len)) {

  157.     OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR);

  158.     CBB_cleanup(&cbb);

  159.     return 0;

  160.   }

  161.   return 1;

  162. }

  163. 

  164. /* kVersionTwoPrime and kVersionMulti are the supported values of the version

  165.  * field of an RSAPrivateKey structure (RFC 3447). */

  166. static const uint64_t kVersionTwoPrime = 0;

  167. static const uint64_t kVersionMulti = 1;

  168. 

  169. /* rsa_parse_additional_prime parses a DER-encoded OtherPrimeInfo from |cbs| and

  170.  * advances |cbs|. It returns a newly-allocated |RSA_additional_prime| on

  171.  * success or NULL on error. The |r| and |method_mod| fields of the result are

  172.  * set to NULL. */

  173. static RSA_additional_prime *rsa_parse_additional_prime(CBS *cbs) {

  174.   RSA_additional_prime *ret = OPENSSL_malloc(sizeof(RSA_additional_prime));

  175.   if (ret == NULL) {

  176.     OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);

  177.     return 0;

  178.   }

  179.   memset(ret, 0, sizeof(RSA_additional_prime));

  180. 

  181.   CBS child;

  182.   if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) ||

  183.       !parse_integer(&child, &ret->prime) ||

  184.       !parse_integer(&child, &ret->exp) ||

  185.       !parse_integer(&child, &ret->coeff) ||

  186.       CBS_len(&child) != 0) {

  187.     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_ENCODING);

  188.     RSA_additional_prime_free(ret);

  189.     return NULL;

  190.   }

  191. 

  192.   return ret;

  193. }

  194. 

  195. RSA *RSA_parse_private_key(CBS *cbs) {

  196.   BN_CTX *ctx = NULL;

  197.   BIGNUM *product_of_primes_so_far = NULL;

  198.   RSA *ret = RSA_new();

  199.   if (ret == NULL) {

  200.     return NULL;

  201.   }

  202. 

  203.   CBS child;

  204.   uint64_t version;

  205.   if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) ||

  206.       !CBS_get_asn1_uint64(&child, &version) ||

  207.       (version != kVersionTwoPrime && version != kVersionMulti) ||

  208.       !parse_integer(&child, &ret->n) ||

  209.       !parse_integer(&child, &ret->e) ||

  210.       !parse_integer(&child, &ret->d) ||

  211.       !parse_integer(&child, &ret->p) ||

  212.       !parse_integer(&child, &ret->q) ||

  213.       !parse_integer(&child, &ret->dmp1) ||

  214.       !parse_integer(&child, &ret->dmq1) ||

  215.       !parse_integer(&child, &ret->iqmp)) {

  216.     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_VERSION);

  217.     goto err;

  218.   }

  219. 

  220.   /* Multi-prime RSA requires a newer version. */

  221.   if (version == kVersionMulti &&

  222.       CBS_peek_asn1_tag(&child, CBS_ASN1_SEQUENCE)) {

  223.     CBS other_prime_infos;

  224.     if (!CBS_get_asn1(&child, &other_prime_infos, CBS_ASN1_SEQUENCE) ||

  225.         CBS_len(&other_prime_infos) == 0) {

  226.       OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_ENCODING);

  227.       goto err;

  228.     }

  229.     ret->additional_primes = sk_RSA_additional_prime_new_null();

  230.     if (ret->additional_primes == NULL) {

  231.       OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);

  232.       goto err;

  233.     }

  234. 

  235.     ctx = BN_CTX_new();

  236.     product_of_primes_so_far = BN_new();

  237.     if (ctx == NULL ||

  238.         product_of_primes_so_far == NULL ||

  239.         !BN_mul(product_of_primes_so_far, ret->p, ret->q, ctx)) {

  240.       goto err;

  241.     }

  242. 

  243.     while (CBS_len(&other_prime_infos) > 0) {

  244.       RSA_additional_prime *ap = rsa_parse_additional_prime(&other_prime_infos);

  245.       if (ap == NULL) {

  246.         goto err;

  247.       }

  248.       if (!sk_RSA_additional_prime_push(ret->additional_primes, ap)) {

  249.         OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);

  250.         RSA_additional_prime_free(ap);

  251.         goto err;

  252.       }

  253.       ap->r = BN_dup(product_of_primes_so_far);

  254.       if (ap->r == NULL ||

  255.           !BN_mul(product_of_primes_so_far, product_of_primes_so_far,

  256.                   ap->prime, ctx)) {

  257.         goto err;

  258.       }

  259.     }

  260.   }

  261. 

  262.   if (CBS_len(&child) != 0) {

  263.     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_ENCODING);

  264.     goto err;

  265.   }

  266. 

  267.   BN_CTX_free(ctx);

  268.   BN_free(product_of_primes_so_far);

  269.   return ret;

  270. 

  271. err:

  272.   BN_CTX_free(ctx);

  273.   BN_free(product_of_primes_so_far);

  274.   RSA_free(ret);

  275.   return NULL;

  276. }

  277. 

  278. RSA *RSA_private_key_from_bytes(const uint8_t *in, size_t in_len) {

  279.   CBS cbs;

  280.   CBS_init(&cbs, in, in_len);

  281.   RSA *ret = RSA_parse_private_key(&cbs);

  282.   if (ret == NULL || CBS_len(&cbs) != 0) {

  283.     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_ENCODING);

  284.     RSA_free(ret);

  285.     return NULL;

  286.   }

  287.   return ret;

  288. }

  289. 

  290. int RSA_marshal_private_key(CBB *cbb, const RSA *rsa) {

  291.   const int is_multiprime =

  292.       sk_RSA_additional_prime_num(rsa->additional_primes) > 0;

  293. 

  294.   CBB child;

  295.   if (!CBB_add_asn1(cbb, &child, CBS_ASN1_SEQUENCE) ||

  296.       !CBB_add_asn1_uint64(&child,

  297.                            is_multiprime ? kVersionMulti : kVersionTwoPrime) ||

  298.       !marshal_integer(&child, rsa->n) ||

  299.       !marshal_integer(&child, rsa->e) ||

  300.       !marshal_integer(&child, rsa->d) ||

  301.       !marshal_integer(&child, rsa->p) ||

  302.       !marshal_integer(&child, rsa->q) ||

  303.       !marshal_integer(&child, rsa->dmp1) ||

  304.       !marshal_integer(&child, rsa->dmq1) ||

  305.       !marshal_integer(&child, rsa->iqmp)) {

  306.     OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR);

  307.     return 0;

  308.   }

  309. 

  310.   if (is_multiprime) {

  311.     CBB other_prime_infos;

  312.     if (!CBB_add_asn1(&child, &other_prime_infos, CBS_ASN1_SEQUENCE)) {

  313.       OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR);

  314.       return 0;

  315.     }

  316.     size_t i;

  317.     for (i = 0; i < sk_RSA_additional_prime_num(rsa->additional_primes); i++) {

  318.       RSA_additional_prime *ap =

  319.               sk_RSA_additional_prime_value(rsa->additional_primes, i);

  320.       CBB other_prime_info;

  321.       if (!CBB_add_asn1(&other_prime_infos, &other_prime_info,

  322.                         CBS_ASN1_SEQUENCE) ||

  323.           !marshal_integer(&other_prime_info, ap->prime) ||

  324.           !marshal_integer(&other_prime_info, ap->exp) ||

  325.           !marshal_integer(&other_prime_info, ap->coeff)) {

  326.         OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR);

  327.         return 0;

  328.       }

  329.     }

  330.   }

  331. 

  332.   if (!CBB_flush(cbb)) {

  333.     OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR);

  334.     return 0;

  335.   }

  336.   return 1;

  337. }

  338. 

  339. int RSA_private_key_to_bytes(uint8_t **out_bytes, size_t *out_len,

  340.                              const RSA *rsa) {

  341.   CBB cbb;

  342.   CBB_zero(&cbb);

  343.   if (!CBB_init(&cbb, 0) ||

  344.       !RSA_marshal_private_key(&cbb, rsa) ||

  345.       !CBB_finish(&cbb, out_bytes, out_len)) {

  346.     OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR);

  347.     CBB_cleanup(&cbb);

  348.     return 0;

  349.   }

  350.   return 1;

  351. }

  352. 

  353. RSA *d2i_RSAPublicKey(RSA **out, const uint8_t **inp, long len) {

  354.   if (len < 0) {

  355.     return NULL;

  356.   }

  357.   CBS cbs;

  358.   CBS_init(&cbs, *inp, (size_t)len);

  359.   RSA *ret = RSA_parse_public_key(&cbs);

  360.   if (ret == NULL) {

  361.     return NULL;

  362.   }

  363.   if (out != NULL) {

  364.     RSA_free(*out);

  365.     *out = ret;

  366.   }

  367.   *inp += (size_t)len - CBS_len(&cbs);

  368.   return ret;

  369. }

  370. 

  371. int i2d_RSAPublicKey(const RSA *in, uint8_t **outp) {

  372.   uint8_t *der;

  373.   size_t der_len;

  374.   if (!RSA_public_key_to_bytes(&der, &der_len, in)) {

  375.     return -1;

  376.   }

  377.   if (der_len > INT_MAX) {

  378.     OPENSSL_PUT_ERROR(RSA, ERR_R_OVERFLOW);

  379.     OPENSSL_free(der);

  380.     return -1;

  381.   }

  382.   if (outp != NULL) {

  383.     if (*outp == NULL) {

  384.       *outp = der;

  385.       der = NULL;

  386.     } else {

  387.       memcpy(*outp, der, der_len);

  388.       *outp += der_len;

  389.     }

  390.   }

  391.   OPENSSL_free(der);

  392.   return (int)der_len;

  393. }

  394. 

  395. RSA *d2i_RSAPrivateKey(RSA **out, const uint8_t **inp, long len) {

  396.   if (len < 0) {

  397.     return NULL;

  398.   }

  399.   CBS cbs;

  400.   CBS_init(&cbs, *inp, (size_t)len);

  401.   RSA *ret = RSA_parse_private_key(&cbs);

  402.   if (ret == NULL) {

  403.     return NULL;

  404.   }

  405.   if (out != NULL) {

  406.     RSA_free(*out);

  407.     *out = ret;

  408.   }

  409.   *inp += (size_t)len - CBS_len(&cbs);

  410.   return ret;

  411. }

  412. 

  413. int i2d_RSAPrivateKey(const RSA *in, uint8_t **outp) {

  414.   uint8_t *der;

  415.   size_t der_len;

  416.   if (!RSA_private_key_to_bytes(&der, &der_len, in)) {

  417.     return -1;

  418.   }

  419.   if (der_len > INT_MAX) {

  420.     OPENSSL_PUT_ERROR(RSA, ERR_R_OVERFLOW);

  421.     OPENSSL_free(der);

  422.     return -1;

  423.   }

  424.   if (outp != NULL) {

  425.     if (*outp == NULL) {

  426.       *outp = der;

  427.       der = NULL;

  428.     } else {

  429.       memcpy(*outp, der, der_len);

  430.       *outp += der_len;

  431.     }

  432.   }

  433.   OPENSSL_free(der);

  434.   return (int)der_len;

  435. }

  436. 

  437. ASN1_SEQUENCE(RSA_PSS_PARAMS) = {

  438.   ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0),

  439.   ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1),

  440.   ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2),

  441.   ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3),

  442. } ASN1_SEQUENCE_END(RSA_PSS_PARAMS);

  443. 

  444. IMPLEMENT_ASN1_FUNCTIONS(RSA_PSS_PARAMS);

  445. 

  446. RSA *RSAPublicKey_dup(const RSA *rsa) {

  447.   uint8_t *der;

  448.   size_t der_len;

  449.   if (!RSA_public_key_to_bytes(&der, &der_len, rsa)) {

  450.     return NULL;

  451.   }

  452.   RSA *ret = RSA_public_key_from_bytes(der, der_len);

  453.   OPENSSL_free(der);

  454.   return ret;

  455. }

  456. 

  457. RSA *RSAPrivateKey_dup(const RSA *rsa) {

  458.   uint8_t *der;

  459.   size_t der_len;

  460.   if (!RSA_private_key_to_bytes(&der, &der_len, rsa)) {

  461.     return NULL;

  462.   }

  463.   RSA *ret = RSA_private_key_from_bytes(der, der_len);

  464.   OPENSSL_free(der);

  465.   return ret;

  466. }