/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
#ifndef OPENSSL_NO_MD2
# include <openssl/md2.h> /* uses MD2_DIGEST_LENGTH */
#endif
+#ifndef OPENSSL_NO_MD4
+# include <openssl/md4.h> /* uses MD4_DIGEST_LENGTH */
+#endif
#ifndef OPENSSL_NO_MD5
# include <openssl/md5.h> /* uses MD5_DIGEST_LENGTH */
#endif
#ifndef OPENSSL_NO_MDC2
# include <openssl/mdc2.h> /* uses MDC2_DIGEST_LENGTH */
#endif
+#ifndef OPENSSL_NO_RMD160
+# include <openssl/ripemd.h> /* uses RIPEMD160_DIGEST_LENGTH */
+#endif
#include <openssl/sha.h> /* uses SHA???_DIGEST_LENGTH */
+#include "crypto/rsa.h"
#include "rsa_local.h"
/*
ASN1_OCTET_STRING, sz \
};
-/* MD2 and MD5 OIDs are of the form: (1 2 840 113549 2 |n|) */
+/* MD2, MD4 and MD5 OIDs are of the form: (1 2 840 113549 2 |n|) */
#define ENCODE_DIGESTINFO_MD(name, n, sz) \
static const unsigned char digestinfo_##name##_der[] = { \
ASN1_SEQUENCE, 0x10 + sz, \
# ifndef OPENSSL_NO_MD2
ENCODE_DIGESTINFO_MD(md2, 0x02, MD2_DIGEST_LENGTH)
# endif
+# ifndef OPENSSL_NO_MD4
+ENCODE_DIGESTINFO_MD(md4, 0x03, MD4_DIGEST_LENGTH)
+# endif
# ifndef OPENSSL_NO_MD5
ENCODE_DIGESTINFO_MD(md5, 0x05, MD5_DIGEST_LENGTH)
# endif
ASN1_OCTET_STRING, MDC2_DIGEST_LENGTH
};
# endif
+# ifndef OPENSSL_NO_RMD160
+/* RIPEMD160 (1 3 36 3 3 1 2) */
+static const unsigned char digestinfo_ripemd160_der[] = {
+ ASN1_SEQUENCE, 0x0c + RIPEMD160_DIGEST_LENGTH,
+ ASN1_SEQUENCE, 0x08,
+ ASN1_OID, 0x04, 1 * 40 + 3, 36, 3, 3, 1, 2,
+ ASN1_NULL, 0x00,
+ ASN1_OCTET_STRING, RIPEMD160_DIGEST_LENGTH
+};
+# endif
+#endif /* FIPS_MODE */
+
/* SHA-1 (1 3 14 3 2 26) */
static const unsigned char digestinfo_sha1_der[] = {
ASN1_SEQUENCE, 0x0d + SHA_DIGEST_LENGTH,
ASN1_OCTET_STRING, SHA_DIGEST_LENGTH
};
-#endif /* FIPS_MODE */
-
ENCODE_DIGESTINFO_SHA(sha256, 0x01, SHA256_DIGEST_LENGTH)
ENCODE_DIGESTINFO_SHA(sha384, 0x02, SHA384_DIGEST_LENGTH)
ENCODE_DIGESTINFO_SHA(sha512, 0x03, SHA512_DIGEST_LENGTH)
*len = sizeof(digestinfo_##name##_der); \
return digestinfo_##name##_der;
-static const unsigned char *digestinfo_encoding(int nid, size_t *len)
+const unsigned char *rsa_digestinfo_encoding(int md_nid, size_t *len)
{
- switch (nid) {
+ switch (md_nid) {
#ifndef FIPS_MODE
# ifndef OPENSSL_NO_MDC2
MD_CASE(mdc2)
# ifndef OPENSSL_NO_MD2
MD_CASE(md2)
# endif
+# ifndef OPENSSL_NO_MD4
+ MD_CASE(md4)
+# endif
# ifndef OPENSSL_NO_MD5
MD_CASE(md5)
# endif
- MD_CASE(sha1)
+# ifndef OPENSSL_NO_RMD160
+ MD_CASE(ripemd160)
+# endif
#endif /* FIPS_MODE */
+ MD_CASE(sha1)
MD_CASE(sha224)
MD_CASE(sha256)
MD_CASE(sha384)
}
}
+#define MD_NID_CASE(name, sz) \
+ case NID_##name: \
+ return sz;
+
+static int digest_sz_from_nid(int nid)
+{
+ switch (nid) {
+#ifndef FIPS_MODE
+# ifndef OPENSSL_NO_MDC2
+ MD_NID_CASE(mdc2, MDC2_DIGEST_LENGTH)
+# endif
+# ifndef OPENSSL_NO_MD2
+ MD_NID_CASE(md2, MD2_DIGEST_LENGTH)
+# endif
+# ifndef OPENSSL_NO_MD4
+ MD_NID_CASE(md4, MD4_DIGEST_LENGTH)
+# endif
+# ifndef OPENSSL_NO_MD5
+ MD_NID_CASE(md5, MD5_DIGEST_LENGTH)
+# endif
+# ifndef OPENSSL_NO_RMD160
+ MD_NID_CASE(ripemd160, RIPEMD160_DIGEST_LENGTH)
+# endif
+#endif /* FIPS_MODE */
+ MD_NID_CASE(sha1, SHA_DIGEST_LENGTH)
+ MD_NID_CASE(sha224, SHA224_DIGEST_LENGTH)
+ MD_NID_CASE(sha256, SHA256_DIGEST_LENGTH)
+ MD_NID_CASE(sha384, SHA384_DIGEST_LENGTH)
+ MD_NID_CASE(sha512, SHA512_DIGEST_LENGTH)
+ MD_NID_CASE(sha512_224, SHA224_DIGEST_LENGTH)
+ MD_NID_CASE(sha512_256, SHA256_DIGEST_LENGTH)
+ MD_NID_CASE(sha3_224, SHA224_DIGEST_LENGTH)
+ MD_NID_CASE(sha3_256, SHA256_DIGEST_LENGTH)
+ MD_NID_CASE(sha3_384, SHA384_DIGEST_LENGTH)
+ MD_NID_CASE(sha3_512, SHA512_DIGEST_LENGTH)
+ default:
+ return 0;
+ }
+}
+
+
/* Size of an SSL signature: MD5+SHA1 */
#define SSL_SIG_LENGTH 36
RSAerr(RSA_F_ENCODE_PKCS1, RSA_R_UNKNOWN_ALGORITHM_TYPE);
return 0;
}
- di_prefix = digestinfo_encoding(type, &di_prefix_len);
+ di_prefix = rsa_digestinfo_encoding(type, &di_prefix_len);
if (di_prefix == NULL) {
RSAerr(RSA_F_ENCODE_PKCS1,
RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
unsigned char *tmps = NULL;
const unsigned char *encoded = NULL;
+#ifndef FIPS_MODE
if (rsa->meth->rsa_sign != NULL)
return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
+#endif /* FIPS_MODE */
/* Compute the encoded digest. */
if (type == NID_md5_sha1) {
goto err;
decrypt_len = len;
+#ifndef FIPS_MODE
if (type == NID_md5_sha1) {
/*
* NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and
goto err;
}
}
- } else {
+ } else
+#endif /* FIPS_MODE */
+ {
/*
* If recovering the digest, extract a digest-sized output from the end
* of |decrypt_buf| for |encode_pkcs1|, then compare the decryption
* output as in a standard verification.
*/
if (rm != NULL) {
- const EVP_MD *md = EVP_get_digestbynid(type);
- if (md == NULL) {
- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_UNKNOWN_ALGORITHM_TYPE);
- goto err;
- }
+ len = digest_sz_from_nid(type);
- len = EVP_MD_size(md);
if (len <= 0)
goto err;
m_len = (unsigned int)len;