kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1624 Commits
12 Branches
38 MiB
Tree: a54cc0c55c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a54cc0c55c'
${ noResults }
boringssl/crypto/evp/p_rsa_asn1.c

p_rsa_asn1.c 19 KiB
Raw Normal View History

Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Parse RSAPublicKey with CBS. BUG=499653 Change-Id: If5d98ed23e65a84f9f0e303024f91cce078f3d18 Reviewed-on: https://boringssl-review.googlesource.com/5272 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Parse RSAPublicKey with CBS. BUG=499653 Change-Id: If5d98ed23e65a84f9f0e303024f91cce078f3d18 Reviewed-on: https://boringssl-review.googlesource.com/5272 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Parse RSAPublicKey with CBS. BUG=499653 Change-Id: If5d98ed23e65a84f9f0e303024f91cce078f3d18 Reviewed-on: https://boringssl-review.googlesource.com/5272 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Introduce EVP_PKEY_is_opaque to replace RSA_METHOD_FLAG_NO_CHECK. Custom RSA and ECDSA keys may not expose the key material. Plumb and "opaque" bit out of the *_METHOD up to EVP_PKEY. Query that in ssl_rsa.c to skip the sanity checks for certificate and key matching. Change-Id: I362a2d5116bfd1803560dfca1d69a91153e895fc Reviewed-on: https://boringssl-review.googlesource.com/1255 Reviewed-by: Adam Langley <agl@google.com>
10 years ago
Add EVP_PKEY_supports_digest. This is intended for TLS client auth with Windows CAPI- and CNG-backed keys which implement sign over sign_raw and do not support all hash functions. Only plumbed through RSA for now. Change-Id: Ica42e7fb026840f817a169da9372dda226f7d6fd Reviewed-on: https://boringssl-review.googlesource.com/2250 Reviewed-by: Adam Langley <agl@google.com>
10 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Multi-prime RSA support. RSA with more than two primes is specified in https://tools.ietf.org/html/rfc3447, although the idea goes back far earier than that. This change ports some of the changes in http://rt.openssl.org/Ticket/Display.html?id=3477&user=guest&pass=guest to BoringSSL—specifically those bits that are under an OpenSSL license. Change-Id: I51e8e345e2148702b8ce12e00518f6ef4683d3e1 Reviewed-on: https://boringssl-review.googlesource.com/4870 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Multi-prime RSA support. RSA with more than two primes is specified in https://tools.ietf.org/html/rfc3447, although the idea goes back far earier than that. This change ports some of the changes in http://rt.openssl.org/Ticket/Display.html?id=3477&user=guest&pass=guest to BoringSSL—specifically those bits that are under an OpenSSL license. Change-Id: I51e8e345e2148702b8ce12e00518f6ef4683d3e1 Reviewed-on: https://boringssl-review.googlesource.com/4870 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Remove unnecessary NULL checks, part 3. Finish up the e's. Change-Id: Iabb8da000fbca6efee541edb469b90896f60d54b Reviewed-on: https://boringssl-review.googlesource.com/4516 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
remove duplicate 0x for default RSASSA-PSS salt len (Imported from upstream's 42d73874edb4eb6681b769d9850afebe97adf329)
10 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Remove unnecessary NULL checks, part 3. Finish up the e's. Change-Id: Iabb8da000fbca6efee541edb469b90896f60d54b Reviewed-on: https://boringssl-review.googlesource.com/4516 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Remove unnecessary NULL checks, part 3. Finish up the e's. Change-Id: Iabb8da000fbca6efee541edb469b90896f60d54b Reviewed-on: https://boringssl-review.googlesource.com/4516 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Add in missing curly braces part 3. Everything else. Change-Id: Iac02b144465b4e7b6d69ea22ff2aaf52695ae732
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Add in missing curly braces part 3. Everything else. Change-Id: Iac02b144465b4e7b6d69ea22ff2aaf52695ae732
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Take advantage of normalized return values. Now that much of EVP has been normalized to 0/1, a lot of code can just use boolean operators. (As can some code which was already using them...) Change-Id: I6bb17edfd6f67050bf1706d59d8f37df57535faa Reviewed-on: https://boringssl-review.googlesource.com/3875 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Add in missing curly braces part 3. Everything else. Change-Id: Iac02b144465b4e7b6d69ea22ff2aaf52695ae732
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Add in missing curly braces part 3. Everything else. Change-Id: Iac02b144465b4e7b6d69ea22ff2aaf52695ae732
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Add in missing curly braces part 3. Everything else. Change-Id: Iac02b144465b4e7b6d69ea22ff2aaf52695ae732
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Add in missing curly braces part 3. Everything else. Change-Id: Iac02b144465b4e7b6d69ea22ff2aaf52695ae732
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Remove EVP_PKEY_CTX case in rsa_pss_to_ctx. We only ever use the EVP_PKEY case, not the EVP_PKEY_CTX one. Change-Id: Ibead854f793663da0a9e474599507d9c3ff920cb Reviewed-on: https://boringssl-review.googlesource.com/1915 Reviewed-by: Adam Langley <agl@google.com>
10 years ago
Fix rsa_pss_to_ctx return value. It should return 0 for failure, not -1; the call site was expecting 0 anyway. Change-Id: I24ab5d3695b8ac438e40be1a4fd74ecd3b845f5a Reviewed-on: https://boringssl-review.googlesource.com/1914 Reviewed-by: Adam Langley <agl@google.com>
10 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Remove EVP_PKEY_CTX case in rsa_pss_to_ctx. We only ever use the EVP_PKEY case, not the EVP_PKEY_CTX one. Change-Id: Ibead854f793663da0a9e474599507d9c3ff920cb Reviewed-on: https://boringssl-review.googlesource.com/1915 Reviewed-by: Adam Langley <agl@google.com>
10 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Fix rsa_pss_to_ctx return value. It should return 0 for failure, not -1; the call site was expecting 0 anyway. Change-Id: I24ab5d3695b8ac438e40be1a4fd74ecd3b845f5a Reviewed-on: https://boringssl-review.googlesource.com/1914 Reviewed-by: Adam Langley <agl@google.com>
10 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Remove EVP_PKEY_CTX case in rsa_pss_to_ctx. We only ever use the EVP_PKEY case, not the EVP_PKEY_CTX one. Change-Id: Ibead854f793663da0a9e474599507d9c3ff920cb Reviewed-on: https://boringssl-review.googlesource.com/1915 Reviewed-by: Adam Langley <agl@google.com>
10 years ago
Take advantage of normalized return values. Now that much of EVP has been normalized to 0/1, a lot of code can just use boolean operators. (As can some code which was already using them...) Change-Id: I6bb17edfd6f67050bf1706d59d8f37df57535faa Reviewed-on: https://boringssl-review.googlesource.com/3875 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Add EVP_DigestVerifyInitFromAlgorithm and EVP_DigestSignAlgorithm. Factor the AlgorithmIdentifier portions of ASN1_item_sign and ASN1_item_verify out. This makes it possible to initialize a signature context from an AlgorithmIdentifier without needing the data parsed into an ASN1_ITEM/void* pair and reserialized. Change-Id: Idc2e06b1310a3f801aa25de323d39d2b7a44ef50 Reviewed-on: https://boringssl-review.googlesource.com/1916 Reviewed-by: Adam Langley <agl@google.com>
10 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Add EVP_DigestVerifyInitFromAlgorithm and EVP_DigestSignAlgorithm. Factor the AlgorithmIdentifier portions of ASN1_item_sign and ASN1_item_verify out. This makes it possible to initialize a signature context from an AlgorithmIdentifier without needing the data parsed into an ASN1_ITEM/void* pair and reserialized. Change-Id: Idc2e06b1310a3f801aa25de323d39d2b7a44ef50 Reviewed-on: https://boringssl-review.googlesource.com/1916 Reviewed-by: Adam Langley <agl@google.com>
10 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Add EVP_DigestVerifyInitFromAlgorithm and EVP_DigestSignAlgorithm. Factor the AlgorithmIdentifier portions of ASN1_item_sign and ASN1_item_verify out. This makes it possible to initialize a signature context from an AlgorithmIdentifier without needing the data parsed into an ASN1_ITEM/void* pair and reserialized. Change-Id: Idc2e06b1310a3f801aa25de323d39d2b7a44ef50 Reviewed-on: https://boringssl-review.googlesource.com/1916 Reviewed-by: Adam Langley <agl@google.com>
10 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Add EVP_DigestVerifyInitFromAlgorithm and EVP_DigestSignAlgorithm. Factor the AlgorithmIdentifier portions of ASN1_item_sign and ASN1_item_verify out. This makes it possible to initialize a signature context from an AlgorithmIdentifier without needing the data parsed into an ASN1_ITEM/void* pair and reserialized. Change-Id: Idc2e06b1310a3f801aa25de323d39d2b7a44ef50 Reviewed-on: https://boringssl-review.googlesource.com/1916 Reviewed-by: Adam Langley <agl@google.com>
10 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Take advantage of normalized return values. Now that much of EVP has been normalized to 0/1, a lot of code can just use boolean operators. (As can some code which was already using them...) Change-Id: I6bb17edfd6f67050bf1706d59d8f37df57535faa Reviewed-on: https://boringssl-review.googlesource.com/3875 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Add EVP_DigestVerifyInitFromAlgorithm and EVP_DigestSignAlgorithm. Factor the AlgorithmIdentifier portions of ASN1_item_sign and ASN1_item_verify out. This makes it possible to initialize a signature context from an AlgorithmIdentifier without needing the data parsed into an ASN1_ITEM/void* pair and reserialized. Change-Id: Idc2e06b1310a3f801aa25de323d39d2b7a44ef50 Reviewed-on: https://boringssl-review.googlesource.com/1916 Reviewed-by: Adam Langley <agl@google.com>
10 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Add EVP_DigestVerifyInitFromAlgorithm and EVP_DigestSignAlgorithm. Factor the AlgorithmIdentifier portions of ASN1_item_sign and ASN1_item_verify out. This makes it possible to initialize a signature context from an AlgorithmIdentifier without needing the data parsed into an ASN1_ITEM/void* pair and reserialized. Change-Id: Idc2e06b1310a3f801aa25de323d39d2b7a44ef50 Reviewed-on: https://boringssl-review.googlesource.com/1916 Reviewed-by: Adam Langley <agl@google.com>
10 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Add EVP_DigestVerifyInitFromAlgorithm and EVP_DigestSignAlgorithm. Factor the AlgorithmIdentifier portions of ASN1_item_sign and ASN1_item_verify out. This makes it possible to initialize a signature context from an AlgorithmIdentifier without needing the data parsed into an ASN1_ITEM/void* pair and reserialized. Change-Id: Idc2e06b1310a3f801aa25de323d39d2b7a44ef50 Reviewed-on: https://boringssl-review.googlesource.com/1916 Reviewed-by: Adam Langley <agl@google.com>
10 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Add EVP_DigestVerifyInitFromAlgorithm and EVP_DigestSignAlgorithm. Factor the AlgorithmIdentifier portions of ASN1_item_sign and ASN1_item_verify out. This makes it possible to initialize a signature context from an AlgorithmIdentifier without needing the data parsed into an ASN1_ITEM/void* pair and reserialized. Change-Id: Idc2e06b1310a3f801aa25de323d39d2b7a44ef50 Reviewed-on: https://boringssl-review.googlesource.com/1916 Reviewed-by: Adam Langley <agl@google.com>
10 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Introduce EVP_PKEY_is_opaque to replace RSA_METHOD_FLAG_NO_CHECK. Custom RSA and ECDSA keys may not expose the key material. Plumb and "opaque" bit out of the *_METHOD up to EVP_PKEY. Query that in ssl_rsa.c to skip the sanity checks for certificate and key matching. Change-Id: I362a2d5116bfd1803560dfca1d69a91153e895fc Reviewed-on: https://boringssl-review.googlesource.com/1255 Reviewed-by: Adam Langley <agl@google.com>
10 years ago
Add EVP_PKEY_supports_digest. This is intended for TLS client auth with Windows CAPI- and CNG-backed keys which implement sign over sign_raw and do not support all hash functions. Only plumbed through RSA for now. Change-Id: Ica42e7fb026840f817a169da9372dda226f7d6fd Reviewed-on: https://boringssl-review.googlesource.com/2250 Reviewed-by: Adam Langley <agl@google.com>
10 years ago
Introduce EVP_PKEY_is_opaque to replace RSA_METHOD_FLAG_NO_CHECK. Custom RSA and ECDSA keys may not expose the key material. Plumb and "opaque" bit out of the *_METHOD up to EVP_PKEY. Query that in ssl_rsa.c to skip the sanity checks for certificate and key matching. Change-Id: I362a2d5116bfd1803560dfca1d69a91153e895fc Reviewed-on: https://boringssl-review.googlesource.com/1255 Reviewed-by: Adam Langley <agl@google.com>
10 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Add EVP_DigestVerifyInitFromAlgorithm and EVP_DigestSignAlgorithm. Factor the AlgorithmIdentifier portions of ASN1_item_sign and ASN1_item_verify out. This makes it possible to initialize a signature context from an AlgorithmIdentifier without needing the data parsed into an ASN1_ITEM/void* pair and reserialized. Change-Id: Idc2e06b1310a3f801aa25de323d39d2b7a44ef50 Reviewed-on: https://boringssl-review.googlesource.com/1916 Reviewed-by: Adam Langley <agl@google.com>
10 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727 
  1. /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL

  2.  * project 2006.

  3.  */

  4. /* ====================================================================

  5.  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.

  6.  *

  7.  * Redistribution and use in source and binary forms, with or without

  8.  * modification, are permitted provided that the following conditions

  9.  * are met:

  10.  *

  11.  * 1. Redistributions of source code must retain the above copyright

  12.  *    notice, this list of conditions and the following disclaimer. 

  13.  *

  14.  * 2. Redistributions in binary form must reproduce the above copyright

  15.  *    notice, this list of conditions and the following disclaimer in

  16.  *    the documentation and/or other materials provided with the

  17.  *    distribution.

  18.  *

  19.  * 3. All advertising materials mentioning features or use of this

  20.  *    software must display the following acknowledgment:

  21.  *    "This product includes software developed by the OpenSSL Project

  22.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  23.  *

  24.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  25.  *    endorse or promote products derived from this software without

  26.  *    prior written permission. For written permission, please contact

  27.  *    licensing@OpenSSL.org.

  28.  *

  29.  * 5. Products derived from this software may not be called "OpenSSL"

  30.  *    nor may "OpenSSL" appear in their names without prior written

  31.  *    permission of the OpenSSL Project.

  32.  *

  33.  * 6. Redistributions of any form whatsoever must retain the following

  34.  *    acknowledgment:

  35.  *    "This product includes software developed by the OpenSSL Project

  36.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  37.  *

  38.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  39.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  40.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  41.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  42.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  43.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  44.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  45.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  46.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  47.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  48.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  49.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  50.  * ====================================================================

  51.  *

  52.  * This product includes cryptographic software written by Eric Young

  53.  * (eay@cryptsoft.com).  This product includes software written by Tim

  54.  * Hudson (tjh@cryptsoft.com). */

  55. 

  56. #include <openssl/evp.h>

  57. 

  58. #include <openssl/asn1.h>

  59. #include <openssl/asn1t.h>

  60. #include <openssl/digest.h>

  61. #include <openssl/err.h>

  62. #include <openssl/mem.h>

  63. #include <openssl/obj.h>

  64. #include <openssl/rsa.h>

  65. #include <openssl/x509.h>

  66. 

  67. #include "../rsa/internal.h"

  68. #include "internal.h"

  69. 

  70. 

  71. static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) {

  72.   uint8_t *encoded;

  73.   size_t encoded_len;

  74.   if (!RSA_public_key_to_bytes(&encoded, &encoded_len, pkey->pkey.rsa)) {

  75.     return 0;

  76.   }

  77. 

  78.   if (!X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA), V_ASN1_NULL, NULL,

  79.                               encoded, encoded_len)) {

  80.     OPENSSL_free(encoded);

  81.     return 0;

  82.   }

  83. 

  84.   return 1;

  85. }

  86. 

  87. static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) {

  88.   const uint8_t *p;

  89.   int pklen;

  90.   RSA *rsa;

  91. 

  92.   if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey)) {

  93.     return 0;

  94.   }

  95.   rsa = RSA_public_key_from_bytes(p, pklen);

  96.   if (rsa == NULL) {

  97.     OPENSSL_PUT_ERROR(EVP, ERR_R_RSA_LIB);

  98.     return 0;

  99.   }

  100.   EVP_PKEY_assign_RSA(pkey, rsa);

  101.   return 1;

  102. }

  103. 

  104. static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {

  105.   return BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) == 0 &&

  106.          BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) == 0;

  107. }

  108. 

  109. static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) {

  110.   uint8_t *encoded;

  111.   size_t encoded_len;

  112.   if (!RSA_private_key_to_bytes(&encoded, &encoded_len, pkey->pkey.rsa)) {

  113.     return 0;

  114.   }

  115. 

  116.   /* TODO(fork): const correctness in next line. */

  117.   if (!PKCS8_pkey_set0(p8, (ASN1_OBJECT *)OBJ_nid2obj(NID_rsaEncryption), 0,

  118.                        V_ASN1_NULL, NULL, encoded, encoded_len)) {

  119.     OPENSSL_free(encoded);

  120.     OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);

  121.     return 0;

  122.   }

  123. 

  124.   return 1;

  125. }

  126. 

  127. static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) {

  128.   const uint8_t *p;

  129.   int pklen;

  130.   if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8)) {

  131.     OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);

  132.     return 0;

  133.   }

  134. 

  135.   RSA *rsa = RSA_private_key_from_bytes(p, pklen);

  136.   if (rsa == NULL) {

  137.     OPENSSL_PUT_ERROR(EVP, ERR_R_RSA_LIB);

  138.     return 0;

  139.   }

  140. 

  141.   EVP_PKEY_assign_RSA(pkey, rsa);

  142.   return 1;

  143. }

  144. 

  145. static int rsa_opaque(const EVP_PKEY *pkey) {

  146.   return RSA_is_opaque(pkey->pkey.rsa);

  147. }

  148. 

  149. static int rsa_supports_digest(const EVP_PKEY *pkey, const EVP_MD *md) {

  150.   return RSA_supports_digest(pkey->pkey.rsa, md);

  151. }

  152. 

  153. static int int_rsa_size(const EVP_PKEY *pkey) {

  154.   return RSA_size(pkey->pkey.rsa);

  155. }

  156. 

  157. static int rsa_bits(const EVP_PKEY *pkey) {

  158.   return BN_num_bits(pkey->pkey.rsa->n);

  159. }

  160. 

  161. static void int_rsa_free(EVP_PKEY *pkey) { RSA_free(pkey->pkey.rsa); }

  162. 

  163. static void update_buflen(const BIGNUM *b, size_t *pbuflen) {

  164.   size_t i;

  165. 

  166.   if (!b) {

  167.     return;

  168.   }

  169. 

  170.   i = BN_num_bytes(b);

  171.   if (*pbuflen < i) {

  172.     *pbuflen = i;

  173.   }

  174. }

  175. 

  176. static int do_rsa_print(BIO *out, const RSA *rsa, int off,

  177.                         int include_private) {

  178.   char *str;

  179.   const char *s;

  180.   uint8_t *m = NULL;

  181.   int ret = 0, mod_len = 0;

  182.   size_t buf_len = 0;

  183. 

  184.   update_buflen(rsa->n, &buf_len);

  185.   update_buflen(rsa->e, &buf_len);

  186. 

  187.   if (include_private) {

  188.     update_buflen(rsa->d, &buf_len);

  189.     update_buflen(rsa->p, &buf_len);

  190.     update_buflen(rsa->q, &buf_len);

  191.     update_buflen(rsa->dmp1, &buf_len);

  192.     update_buflen(rsa->dmq1, &buf_len);

  193.     update_buflen(rsa->iqmp, &buf_len);

  194. 

  195.     if (rsa->additional_primes != NULL) {

  196.       size_t i;

  197. 

  198.       for (i = 0; i < sk_RSA_additional_prime_num(rsa->additional_primes);

  199.            i++) {

  200.         const RSA_additional_prime *ap =

  201.             sk_RSA_additional_prime_value(rsa->additional_primes, i);

  202.         update_buflen(ap->prime, &buf_len);

  203.         update_buflen(ap->exp, &buf_len);

  204.         update_buflen(ap->coeff, &buf_len);

  205.       }

  206.     }

  207.   }

  208. 

  209.   m = (uint8_t *)OPENSSL_malloc(buf_len + 10);

  210.   if (m == NULL) {

  211.     OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);

  212.     goto err;

  213.   }

  214. 

  215.   if (rsa->n != NULL) {

  216.     mod_len = BN_num_bits(rsa->n);

  217.   }

  218. 

  219.   if (!BIO_indent(out, off, 128)) {

  220.     goto err;

  221.   }

  222. 

  223.   if (include_private && rsa->d) {

  224.     if (BIO_printf(out, "Private-Key: (%d bit)\n", mod_len) <= 0) {

  225.       goto err;

  226.     }

  227.     str = "modulus:";

  228.     s = "publicExponent:";

  229.   } else {

  230.     if (BIO_printf(out, "Public-Key: (%d bit)\n", mod_len) <= 0) {

  231.       goto err;

  232.     }

  233.     str = "Modulus:";

  234.     s = "Exponent:";

  235.   }

  236.   if (!ASN1_bn_print(out, str, rsa->n, m, off) ||

  237.       !ASN1_bn_print(out, s, rsa->e, m, off)) {

  238.     goto err;

  239.   }

  240. 

  241.   if (include_private) {

  242.     if (!ASN1_bn_print(out, "privateExponent:", rsa->d, m, off) ||

  243.         !ASN1_bn_print(out, "prime1:", rsa->p, m, off) ||

  244.         !ASN1_bn_print(out, "prime2:", rsa->q, m, off) ||

  245.         !ASN1_bn_print(out, "exponent1:", rsa->dmp1, m, off) ||

  246.         !ASN1_bn_print(out, "exponent2:", rsa->dmq1, m, off) ||

  247.         !ASN1_bn_print(out, "coefficient:", rsa->iqmp, m, off)) {

  248.       goto err;

  249.     }

  250. 

  251.     if (rsa->additional_primes != NULL &&

  252.         sk_RSA_additional_prime_num(rsa->additional_primes) > 0) {

  253.       size_t i;

  254. 

  255.       if (BIO_printf(out, "otherPrimeInfos:\n") <= 0) {

  256.         goto err;

  257.       }

  258.       for (i = 0; i < sk_RSA_additional_prime_num(rsa->additional_primes);

  259.            i++) {

  260.         const RSA_additional_prime *ap =

  261.             sk_RSA_additional_prime_value(rsa->additional_primes, i);

  262. 

  263.         if (BIO_printf(out, "otherPrimeInfo (prime %u):\n",

  264.                        (unsigned)(i + 3)) <= 0 ||

  265.             !ASN1_bn_print(out, "prime:", ap->prime, m, off) ||

  266.             !ASN1_bn_print(out, "exponent:", ap->exp, m, off) ||

  267.             !ASN1_bn_print(out, "coeff:", ap->coeff, m, off)) {

  268.           goto err;

  269.         }

  270.       }

  271.     }

  272.   }

  273.   ret = 1;

  274. 

  275. err:

  276.   OPENSSL_free(m);

  277.   return ret;

  278. }

  279. 

  280. static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,

  281.                          ASN1_PCTX *ctx) {

  282.   return do_rsa_print(bp, pkey->pkey.rsa, indent, 0);

  283. }

  284. 

  285. 

  286. static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,

  287.                           ASN1_PCTX *ctx) {

  288.   return do_rsa_print(bp, pkey->pkey.rsa, indent, 1);

  289. }

  290. 

  291. /* Given an MGF1 Algorithm ID decode to an Algorithm Identifier */

  292. static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg) {

  293.   const uint8_t *p;

  294.   int plen;

  295. 

  296.   if (alg == NULL ||

  297.       OBJ_obj2nid(alg->algorithm) != NID_mgf1 ||

  298.       alg->parameter->type != V_ASN1_SEQUENCE) {

  299.     return NULL;

  300.   }

  301. 

  302.   p = alg->parameter->value.sequence->data;

  303.   plen = alg->parameter->value.sequence->length;

  304.   return d2i_X509_ALGOR(NULL, &p, plen);

  305. }

  306. 

  307. static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg,

  308.                                       X509_ALGOR **pmaskHash) {

  309.   const uint8_t *p;

  310.   int plen;

  311.   RSA_PSS_PARAMS *pss;

  312. 

  313.   *pmaskHash = NULL;

  314. 

  315.   if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE) {

  316.     return NULL;

  317.   }

  318.   p = alg->parameter->value.sequence->data;

  319.   plen = alg->parameter->value.sequence->length;

  320.   pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen);

  321. 

  322.   if (!pss) {

  323.     return NULL;

  324.   }

  325. 

  326.   *pmaskHash = rsa_mgf1_decode(pss->maskGenAlgorithm);

  327. 

  328.   return pss;

  329. }

  330. 

  331. static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss,

  332.                                X509_ALGOR *maskHash, int indent) {

  333.   int rv = 0;

  334. 

  335.   if (!pss) {

  336.     if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0) {

  337.       return 0;

  338.     }

  339.     return 1;

  340.   }

  341. 

  342.   if (BIO_puts(bp, "\n") <= 0 ||

  343.       !BIO_indent(bp, indent, 128) ||

  344.       BIO_puts(bp, "Hash Algorithm: ") <= 0) {

  345.     goto err;

  346.   }

  347. 

  348.   if (pss->hashAlgorithm) {

  349.     if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0) {

  350.       goto err;

  351.     }

  352.   } else if (BIO_puts(bp, "sha1 (default)") <= 0) {

  353.     goto err;

  354.   }

  355. 

  356.   if (BIO_puts(bp, "\n") <= 0 ||

  357.       !BIO_indent(bp, indent, 128) ||

  358.       BIO_puts(bp, "Mask Algorithm: ") <= 0) {

  359.     goto err;

  360.   }

  361. 

  362.   if (pss->maskGenAlgorithm) {

  363.     if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0 ||

  364.         BIO_puts(bp, " with ") <= 0) {

  365.       goto err;

  366.     }

  367. 

  368.     if (maskHash) {

  369.       if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0) {

  370.         goto err;

  371.       }

  372.     } else if (BIO_puts(bp, "INVALID") <= 0) {

  373.       goto err;

  374.     }

  375.   } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0) {

  376.     goto err;

  377.   }

  378.   BIO_puts(bp, "\n");

  379. 

  380.   if (!BIO_indent(bp, indent, 128) ||

  381.       BIO_puts(bp, "Salt Length: 0x") <= 0) {

  382.     goto err;

  383.   }

  384. 

  385.   if (pss->saltLength) {

  386.     if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0) {

  387.       goto err;

  388.     }

  389.   } else if (BIO_puts(bp, "14 (default)") <= 0) {

  390.     goto err;

  391.   }

  392.   BIO_puts(bp, "\n");

  393. 

  394.   if (!BIO_indent(bp, indent, 128) ||

  395.       BIO_puts(bp, "Trailer Field: 0x") <= 0) {

  396.     goto err;

  397.   }

  398. 

  399.   if (pss->trailerField) {

  400.     if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0) {

  401.       goto err;

  402.     }

  403.   } else if (BIO_puts(bp, "BC (default)") <= 0) {

  404.     goto err;

  405.   }

  406.   BIO_puts(bp, "\n");

  407. 

  408.   rv = 1;

  409. 

  410. err:

  411.   return rv;

  412. }

  413. 

  414. static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,

  415.                          const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx) {

  416.   if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) {

  417.     int rv;

  418.     RSA_PSS_PARAMS *pss;

  419.     X509_ALGOR *maskHash;

  420. 

  421.     pss = rsa_pss_decode(sigalg, &maskHash);

  422.     rv = rsa_pss_param_print(bp, pss, maskHash, indent);

  423.     RSA_PSS_PARAMS_free(pss);

  424.     X509_ALGOR_free(maskHash);

  425.     if (!rv) {

  426.       return 0;

  427.     }

  428.   } else if (!sig && BIO_puts(bp, "\n") <= 0) {

  429.     return 0;

  430.   }

  431. 

  432.   if (sig) {

  433.     return X509_signature_dump(bp, sig, indent);

  434.   }

  435.   return 1;

  436. }

  437. 

  438. static int old_rsa_priv_decode(EVP_PKEY *pkey, const uint8_t **pder,

  439.                                int derlen) {

  440.   RSA *rsa = d2i_RSAPrivateKey(NULL, pder, derlen);

  441.   if (rsa == NULL) {

  442.     OPENSSL_PUT_ERROR(EVP, ERR_R_RSA_LIB);

  443.     return 0;

  444.   }

  445.   EVP_PKEY_assign_RSA(pkey, rsa);

  446.   return 1;

  447. }

  448. 

  449. static int old_rsa_priv_encode(const EVP_PKEY *pkey, uint8_t **pder) {

  450.   return i2d_RSAPrivateKey(pkey->pkey.rsa, pder);

  451. }

  452. 

  453. /* allocate and set algorithm ID from EVP_MD, default SHA1 */

  454. static int rsa_md_to_algor(X509_ALGOR **palg, const EVP_MD *md) {

  455.   if (EVP_MD_type(md) == NID_sha1) {

  456.     return 1;

  457.   }

  458.   *palg = X509_ALGOR_new();

  459.   if (!*palg) {

  460.     return 0;

  461.   }

  462.   X509_ALGOR_set_md(*palg, md);

  463.   return 1;

  464. }

  465. 

  466. /* Allocate and set MGF1 algorithm ID from EVP_MD */

  467. static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md) {

  468.   X509_ALGOR *algtmp = NULL;

  469.   ASN1_STRING *stmp = NULL;

  470.   *palg = NULL;

  471. 

  472.   if (EVP_MD_type(mgf1md) == NID_sha1) {

  473.     return 1;

  474.   }

  475.   /* need to embed algorithm ID inside another */

  476.   if (!rsa_md_to_algor(&algtmp, mgf1md) ||

  477.       !ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp)) {

  478.     goto err;

  479.   }

  480.   *palg = X509_ALGOR_new();

  481.   if (!*palg) {

  482.     goto err;

  483.   }

  484.   X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp);

  485.   stmp = NULL;

  486. 

  487. err:

  488.   ASN1_STRING_free(stmp);

  489.   X509_ALGOR_free(algtmp);

  490.   if (*palg) {

  491.     return 1;

  492.   }

  493. 

  494.   return 0;

  495. }

  496. 

  497. /* convert algorithm ID to EVP_MD, default SHA1 */

  498. static const EVP_MD *rsa_algor_to_md(X509_ALGOR *alg) {

  499.   const EVP_MD *md;

  500.   if (!alg) {

  501.     return EVP_sha1();

  502.   }

  503.   md = EVP_get_digestbyobj(alg->algorithm);

  504.   if (md == NULL) {

  505.     OPENSSL_PUT_ERROR(EVP, EVP_R_UNKNOWN_DIGEST);

  506.   }

  507.   return md;

  508. }

  509. 

  510. /* convert MGF1 algorithm ID to EVP_MD, default SHA1 */

  511. static const EVP_MD *rsa_mgf1_to_md(X509_ALGOR *alg, X509_ALGOR *maskHash) {

  512.   const EVP_MD *md;

  513.   if (!alg) {

  514.     return EVP_sha1();

  515.   }

  516.   /* Check mask and lookup mask hash algorithm */

  517.   if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) {

  518.     OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_MASK_ALGORITHM);

  519.     return NULL;

  520.   }

  521.   if (!maskHash) {

  522.     OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_MASK_PARAMETER);

  523.     return NULL;

  524.   }

  525.   md = EVP_get_digestbyobj(maskHash->algorithm);

  526.   if (md == NULL) {

  527.     OPENSSL_PUT_ERROR(EVP, EVP_R_UNKNOWN_MASK_DIGEST);

  528.     return NULL;

  529.   }

  530.   return md;

  531. }

  532. 

  533. /* rsa_ctx_to_pss converts EVP_PKEY_CTX in PSS mode into corresponding

  534.  * algorithm parameter, suitable for setting as an AlgorithmIdentifier. */

  535. static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) {

  536.   const EVP_MD *sigmd, *mgf1md;

  537.   RSA_PSS_PARAMS *pss = NULL;

  538.   ASN1_STRING *os = NULL;

  539.   EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);

  540.   int saltlen, rv = 0;

  541. 

  542.   if (!EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) ||

  543.       !EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) ||

  544.       !EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen)) {

  545.     goto err;

  546.   }

  547. 

  548.   if (saltlen == -1) {

  549.     saltlen = EVP_MD_size(sigmd);

  550.   } else if (saltlen == -2) {

  551.     saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;

  552.     if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0) {

  553.       saltlen--;

  554.     }

  555.   } else {

  556.     goto err;

  557.   }

  558. 

  559.   pss = RSA_PSS_PARAMS_new();

  560.   if (!pss) {

  561.     goto err;

  562.   }

  563. 

  564.   if (saltlen != 20) {

  565.     pss->saltLength = ASN1_INTEGER_new();

  566.     if (!pss->saltLength ||

  567.         !ASN1_INTEGER_set(pss->saltLength, saltlen)) {

  568.       goto err;

  569.     }

  570.   }

  571. 

  572.   if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd) ||

  573.       !rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md)) {

  574.     goto err;

  575.   }

  576. 

  577.   /* Finally create string with pss parameter encoding. */

  578.   if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os)) {

  579.     goto err;

  580.   }

  581.   rv = 1;

  582. 

  583. err:

  584.   if (pss) {

  585.     RSA_PSS_PARAMS_free(pss);

  586.   }

  587.   if (rv) {

  588.     return os;

  589.   }

  590.   if (os) {

  591.     ASN1_STRING_free(os);

  592.   }

  593.   return NULL;

  594. }

  595. 

  596. /* From PSS AlgorithmIdentifier set public key parameters. */

  597. static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, X509_ALGOR *sigalg, EVP_PKEY *pkey) {

  598.   int ret = 0;

  599.   int saltlen;

  600.   const EVP_MD *mgf1md = NULL, *md = NULL;

  601.   RSA_PSS_PARAMS *pss;

  602.   X509_ALGOR *maskHash;

  603.   EVP_PKEY_CTX *pkctx;

  604. 

  605.   /* Sanity check: make sure it is PSS */

  606.   if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {

  607.     OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_SIGNATURE_TYPE);

  608.     return 0;

  609.   }

  610.   /* Decode PSS parameters */

  611.   pss = rsa_pss_decode(sigalg, &maskHash);

  612.   if (pss == NULL) {

  613.     OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PSS_PARAMETERS);

  614.     goto err;

  615.   }

  616. 

  617.   mgf1md = rsa_mgf1_to_md(pss->maskGenAlgorithm, maskHash);

  618.   if (!mgf1md) {

  619.     goto err;

  620.   }

  621.   md = rsa_algor_to_md(pss->hashAlgorithm);

  622.   if (!md) {

  623.     goto err;

  624.   }

  625. 

  626.   saltlen = 20;

  627.   if (pss->saltLength) {

  628.     saltlen = ASN1_INTEGER_get(pss->saltLength);

  629. 

  630.     /* Could perform more salt length sanity checks but the main

  631.      * RSA routines will trap other invalid values anyway. */

  632.     if (saltlen < 0) {

  633.       OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_SALT_LENGTH);

  634.       goto err;

  635.     }

  636.   }

  637. 

  638.   /* low-level routines support only trailer field 0xbc (value 1)

  639.    * and PKCS#1 says we should reject any other value anyway. */

  640.   if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {

  641.     OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_TRAILER);

  642.     goto err;

  643.   }

  644. 

  645.   if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey) ||

  646.       !EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) ||

  647.       !EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) ||

  648.       !EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md)) {

  649.     goto err;

  650.   }

  651. 

  652.   ret = 1;

  653. 

  654. err:

  655.   RSA_PSS_PARAMS_free(pss);

  656.   if (maskHash) {

  657.     X509_ALGOR_free(maskHash);

  658.   }

  659.   return ret;

  660. }

  661. 

  662. /* Customised RSA AlgorithmIdentifier handling. This is called when a signature

  663.  * is encountered requiring special handling. We currently only handle PSS. */

  664. static int rsa_digest_verify_init_from_algorithm(EVP_MD_CTX *ctx,

  665.                                                  X509_ALGOR *sigalg,

  666.                                                  EVP_PKEY *pkey) {

  667.   /* Sanity check: make sure it is PSS */

  668.   if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {

  669.     OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_SIGNATURE_TYPE);

  670.     return 0;

  671.   }

  672.   return rsa_pss_to_ctx(ctx, sigalg, pkey);

  673. }

  674. 

  675. static evp_digest_sign_algorithm_result_t rsa_digest_sign_algorithm(

  676.     EVP_MD_CTX *ctx, X509_ALGOR *sigalg) {

  677.   int pad_mode;

  678.   EVP_PKEY_CTX *pkctx = ctx->pctx;

  679.   if (!EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode)) {

  680.     return EVP_DIGEST_SIGN_ALGORITHM_ERROR;

  681.   }

  682.   if (pad_mode == RSA_PKCS1_PSS_PADDING) {

  683.     ASN1_STRING *os1 = rsa_ctx_to_pss(pkctx);

  684.     if (!os1) {

  685.       return EVP_DIGEST_SIGN_ALGORITHM_ERROR;

  686.     }

  687.     X509_ALGOR_set0(sigalg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os1);

  688.     return EVP_DIGEST_SIGN_ALGORITHM_SUCCESS;

  689.   }

  690. 

  691.   /* Other padding schemes use the default behavior. */

  692.   return EVP_DIGEST_SIGN_ALGORITHM_DEFAULT;

  693. }

  694. 

  695. const EVP_PKEY_ASN1_METHOD rsa_asn1_meth = {

  696.   EVP_PKEY_RSA,

  697.   EVP_PKEY_RSA,

  698.   ASN1_PKEY_SIGPARAM_NULL,

  699. 

  700.   "RSA",

  701. 

  702.   rsa_pub_decode,

  703.   rsa_pub_encode,

  704.   rsa_pub_cmp,

  705.   rsa_pub_print,

  706. 

  707.   rsa_priv_decode,

  708.   rsa_priv_encode,

  709.   rsa_priv_print,

  710. 

  711.   rsa_opaque,

  712.   rsa_supports_digest,

  713. 

  714.   int_rsa_size,

  715.   rsa_bits,

  716. 

  717.   0,0,0,0,0,0,

  718. 

  719.   rsa_sig_print,

  720.   int_rsa_free,

  721. 

  722.   old_rsa_priv_decode,

  723.   old_rsa_priv_encode,

  724. 

  725.   rsa_digest_verify_init_from_algorithm,

  726.   rsa_digest_sign_algorithm,

  727. };