/*
- * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#endif
static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg);
+static int rsa_sync_to_pss_params_30(RSA *rsa);
/* Set any parameters associated with pkey */
static int rsa_param_encode(const EVP_PKEY *pkey,
*pstr = NULL;
/* If RSA it's just NULL type */
- if (pkey->ameth->pkey_id != EVP_PKEY_RSA_PSS) {
+ if (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK) != RSA_FLAG_TYPE_RSASSAPSS) {
*pstrtype = V_ASN1_NULL;
return 1;
}
rsa->pss = rsa_pss_decode(alg);
if (rsa->pss == NULL)
return 0;
+ if (!rsa_sync_to_pss_params_30(rsa))
+ return 0;
return 1;
}
return 0;
}
-static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+static int rsa_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey)
{
const unsigned char *p;
int pklen;
if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &alg, pubkey))
return 0;
- if ((rsa = d2i_RSAPublicKey(NULL, &p, pklen)) == NULL) {
- RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB);
+ if ((rsa = d2i_RSAPublicKey(NULL, &p, pklen)) == NULL)
return 0;
- }
if (!rsa_param_decode(rsa, alg)) {
RSA_free(rsa);
return 0;
}
+
+ RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK);
+ switch (pkey->ameth->pkey_id) {
+ case EVP_PKEY_RSA:
+ RSA_set_flags(rsa, RSA_FLAG_TYPE_RSA);
+ break;
+ case EVP_PKEY_RSA_PSS:
+ RSA_set_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS);
+ break;
+ default:
+ /* Leave the type bits zero */
+ break;
+ }
+
if (!EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa)) {
RSA_free(rsa);
return 0;
static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
{
+ /*
+ * Don't check the public/private key, this is mostly for smart
+ * cards.
+ */
+ if (((RSA_flags(a->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
+ || (RSA_flags(b->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) {
+ return 1;
+ }
+
if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0
|| BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0)
return 0;
{
RSA *rsa;
- if ((rsa = d2i_RSAPrivateKey(NULL, pder, derlen)) == NULL) {
- RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
+ if ((rsa = d2i_RSAPrivateKey(NULL, pder, derlen)) == NULL)
return 0;
- }
EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa);
return 1;
}
RSA_free(rsa);
return 0;
}
+
+ RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK);
+ switch (pkey->ameth->pkey_id) {
+ case EVP_PKEY_RSA:
+ RSA_set_flags(rsa, RSA_FLAG_TYPE_RSA);
+ break;
+ case EVP_PKEY_RSA_PSS:
+ RSA_set_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS);
+ break;
+ default:
+ /* Leave the type bits zero */
+ break;
+ }
+
EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa);
return 1;
}
*/
static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
- X509_ALGOR *sigalg, EVP_PKEY *pkey)
+ const X509_ALGOR *sigalg, EVP_PKEY *pkey)
{
int rv = -1;
int saltlen;
return rv;
}
-int rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd,
- const EVP_MD **pmgf1md, int *psaltlen)
+static int rsa_pss_verify_param(const EVP_MD **pmd, const EVP_MD **pmgf1md,
+ int *psaltlen, int *ptrailerField)
{
+ if (psaltlen != NULL && *psaltlen < 0) {
+ ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_SALT_LENGTH);
+ return 0;
+ }
+ /*
+ * low-level routines support only trailer field 0xbc (value 1) and
+ * PKCS#1 says we should reject any other value anyway.
+ */
+ if (ptrailerField != NULL && *ptrailerField != 1) {
+ ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_TRAILER);
+ return 0;
+ }
+ return 1;
+}
+
+static int rsa_pss_get_param_unverified(const RSA_PSS_PARAMS *pss,
+ const EVP_MD **pmd,
+ const EVP_MD **pmgf1md,
+ int *psaltlen, int *ptrailerField)
+{
+ RSA_PSS_PARAMS_30 pss_params;
+
+ /* Get the defaults from the ONE place */
+ (void)ossl_rsa_pss_params_30_set_defaults(&pss_params);
+
if (pss == NULL)
return 0;
*pmd = rsa_algor_to_md(pss->hashAlgorithm);
*pmgf1md = rsa_algor_to_md(pss->maskHash);
if (*pmgf1md == NULL)
return 0;
- if (pss->saltLength) {
+ if (pss->saltLength)
*psaltlen = ASN1_INTEGER_get(pss->saltLength);
- if (*psaltlen < 0) {
- RSAerr(RSA_F_RSA_PSS_GET_PARAM, RSA_R_INVALID_SALT_LENGTH);
- return 0;
- }
- } else {
- *psaltlen = 20;
- }
+ else
+ *psaltlen = ossl_rsa_pss_params_30_saltlen(&pss_params);
+ if (pss->trailerField)
+ *ptrailerField = ASN1_INTEGER_get(pss->trailerField);
+ else
+ *ptrailerField = ossl_rsa_pss_params_30_trailerfield(&pss_params);;
+
+ return 1;
+}
+int rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd,
+ const EVP_MD **pmgf1md, int *psaltlen)
+{
/*
- * low-level routines support only trailer field 0xbc (value 1) and
- * PKCS#1 says we should reject any other value anyway.
+ * Callers do not care about the trailer field, and yet, we must
+ * pass it from get_param to verify_param, since the latter checks
+ * its value.
+ *
+ * When callers start caring, it's a simple thing to add another
+ * argument to this function.
*/
- if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
- RSAerr(RSA_F_RSA_PSS_GET_PARAM, RSA_R_INVALID_TRAILER);
- return 0;
- }
+ int trailerField = 0;
+
+ return rsa_pss_get_param_unverified(pss, pmd, pmgf1md, psaltlen,
+ &trailerField)
+ && rsa_pss_verify_param(pmd, pmgf1md, psaltlen, &trailerField);
+}
+static int rsa_sync_to_pss_params_30(RSA *rsa)
+{
+ if (rsa != NULL && rsa->pss != NULL) {
+ const EVP_MD *md = NULL, *mgf1md = NULL;
+ int md_nid, mgf1md_nid, saltlen, trailerField;
+ RSA_PSS_PARAMS_30 pss_params;
+
+ /*
+ * We don't care about the validity of the fields here, we just
+ * want to synchronise values. Verifying here makes it impossible
+ * to even read a key with invalid values, making it hard to test
+ * a bad situation.
+ *
+ * Other routines use rsa_pss_get_param(), so the values will be
+ * checked, eventually.
+ */
+ if (!rsa_pss_get_param_unverified(rsa->pss, &md, &mgf1md,
+ &saltlen, &trailerField))
+ return 0;
+ md_nid = EVP_MD_type(md);
+ mgf1md_nid = EVP_MD_type(mgf1md);
+ if (!ossl_rsa_pss_params_30_set_defaults(&pss_params)
+ || !ossl_rsa_pss_params_30_set_hashalg(&pss_params, md_nid)
+ || !ossl_rsa_pss_params_30_set_maskgenhashalg(&pss_params,
+ mgf1md_nid)
+ || !ossl_rsa_pss_params_30_set_saltlen(&pss_params, saltlen)
+ || !ossl_rsa_pss_params_30_set_trailerfield(&pss_params,
+ trailerField))
+ return 0;
+ rsa->pss_params = pss_params;
+ }
return 1;
}
* is encountered requiring special handling. We currently only handle PSS.
*/
-static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
- X509_ALGOR *sigalg, ASN1_BIT_STRING *sig,
- EVP_PKEY *pkey)
+static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it,
+ const void *asn, const X509_ALGOR *sigalg,
+ const ASN1_BIT_STRING *sig, EVP_PKEY *pkey)
{
/* Sanity check: make sure it is PSS */
if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) {
}
#endif
-static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *asn,
X509_ALGOR *alg1, X509_ALGOR *alg2,
ASN1_BIT_STRING *sig)
{
goto err;
if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
goto err;
- if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0)
+ if (label != NULL
+ && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0)
goto err;
/* Carry on */
rv = 1;
return pkey->pkey.rsa->dirty_cnt;
}
-DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM)
-
-static int rsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
- EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx,
- const char *propq)
+/*
+ * For the moment, we trust the call path, where keys going through
+ * rsa_pkey_export_to() match a KEYMGMT for the "RSA" keytype, while
+ * keys going through rsa_pss_pkey_export_to() match a KEYMGMT for the
+ * "RSA-PSS" keytype.
+ * TODO(3.0) Investigate whether we should simply continue to trust the
+ * call path, or if we should strengthen this function by checking that
+ * |rsa_type| matches the RSA key subtype. The latter requires ensuring
+ * that the type flag for the RSA key is properly set by other functions
+ * in this file.
+ */
+static int rsa_int_export_to(const EVP_PKEY *from, int rsa_type,
+ void *to_keydata, EVP_KEYMGMT *to_keymgmt,
+ OPENSSL_CTX *libctx, const char *propq)
{
RSA *rsa = from->pkey.rsa;
OSSL_PARAM_BLD *tmpl = OSSL_PARAM_BLD_new();
- const BIGNUM *n = RSA_get0_n(rsa), *e = RSA_get0_e(rsa);
- const BIGNUM *d = RSA_get0_d(rsa);
- STACK_OF(BIGNUM_const) *primes = NULL, *exps = NULL, *coeffs = NULL;
- int numprimes = 0, numexps = 0, numcoeffs = 0;
OSSL_PARAM *params = NULL;
int selection = 0;
int rv = 0;
goto err;
/* Public parameters must always be present */
- if (n == NULL || e == NULL)
+ if (RSA_get0_n(rsa) == NULL || RSA_get0_e(rsa) == NULL)
goto err;
- /* |e| and |n| are always present */
- if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_E, e))
- goto err;
- if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_N, n))
+ if (!ossl_rsa_todata(rsa, tmpl, NULL))
goto err;
- selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
-
- if (d != NULL) {
- int i;
- /* Get all the primes and CRT params */
- if ((primes = sk_BIGNUM_const_new_null()) == NULL
- || (exps = sk_BIGNUM_const_new_null()) == NULL
- || (coeffs = sk_BIGNUM_const_new_null()) == NULL)
- goto err;
-
- if (!rsa_get0_all_params(rsa, primes, exps, coeffs))
- goto err;
+ selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
+ if (RSA_get0_d(rsa) != NULL)
+ selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
- numprimes = sk_BIGNUM_const_num(primes);
- numexps = sk_BIGNUM_const_num(exps);
- numcoeffs = sk_BIGNUM_const_num(coeffs);
+ if (rsa->pss != NULL) {
+ const EVP_MD *md = NULL, *mgf1md = NULL;
+ int md_nid, mgf1md_nid, saltlen, trailerfield;
+ RSA_PSS_PARAMS_30 pss_params;
- /*
- * It's permisssible to have zero primes, i.e. no CRT params.
- * Otherwise, there must be at least two, as many exponents,
- * and one coefficient less.
- */
- if (numprimes != 0
- && (numprimes < 2 || numexps < 2 || numcoeffs < 1))
+ if (!rsa_pss_get_param_unverified(rsa->pss, &md, &mgf1md,
+ &saltlen, &trailerfield))
goto err;
-
- if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_D, d))
+ md_nid = EVP_MD_type(md);
+ mgf1md_nid = EVP_MD_type(mgf1md);
+ if (!ossl_rsa_pss_params_30_set_defaults(&pss_params)
+ || !ossl_rsa_pss_params_30_set_hashalg(&pss_params, md_nid)
+ || !ossl_rsa_pss_params_30_set_maskgenhashalg(&pss_params,
+ mgf1md_nid)
+ || !ossl_rsa_pss_params_30_set_saltlen(&pss_params, saltlen)
+ || !ossl_rsa_pss_params_30_todata(&pss_params, tmpl, NULL))
goto err;
- selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
-
- for (i = 0; i < numprimes && rsa_mp_factor_names[i] != NULL; i++) {
- const BIGNUM *num = sk_BIGNUM_const_value(primes, i);
-
- if (!OSSL_PARAM_BLD_push_BN(tmpl, rsa_mp_factor_names[i], num))
- goto err;
- }
-
- for (i = 0; i < numexps && rsa_mp_exp_names[i] != NULL; i++) {
- const BIGNUM *num = sk_BIGNUM_const_value(exps, i);
-
- if (!OSSL_PARAM_BLD_push_BN(tmpl, rsa_mp_exp_names[i], num))
- goto err;
- }
-
- for (i = 0; i < numcoeffs && rsa_mp_coeff_names[i] != NULL; i++) {
- const BIGNUM *num = sk_BIGNUM_const_value(coeffs, i);
-
- if (!OSSL_PARAM_BLD_push_BN(tmpl, rsa_mp_coeff_names[i], num))
- goto err;
- }
+ selection |= OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS;
}
if ((params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL)
rv = evp_keymgmt_import(to_keymgmt, to_keydata, selection, params);
err:
- sk_BIGNUM_const_free(primes);
- sk_BIGNUM_const_free(exps);
- sk_BIGNUM_const_free(coeffs);
OSSL_PARAM_BLD_free_params(params);
OSSL_PARAM_BLD_free(tmpl);
return rv;
}
-static int rsa_pkey_import_from(const OSSL_PARAM params[], void *key)
+static int rsa_int_import_from(const OSSL_PARAM params[], void *vpctx,
+ int rsa_type)
{
- EVP_PKEY *pkey = key;
- RSA *rsa = RSA_new();
+ EVP_PKEY_CTX *pctx = vpctx;
+ EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
+ RSA *rsa = ossl_rsa_new_with_ctx(pctx->libctx);
+ RSA_PSS_PARAMS_30 rsa_pss_params = { 0, };
+ int ok = 0;
if (rsa == NULL) {
ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE);
return 0;
}
- if (!rsa_fromdata(rsa, params)
- || !EVP_PKEY_assign_RSA(pkey, rsa)) {
- RSA_free(rsa);
- return 0;
+ RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK);
+ RSA_set_flags(rsa, rsa_type);
+
+ if (!ossl_rsa_pss_params_30_fromdata(&rsa_pss_params, params, pctx->libctx))
+ goto err;
+
+ switch (rsa_type) {
+ case RSA_FLAG_TYPE_RSA:
+ /*
+ * Were PSS parameters filled in?
+ * In that case, something's wrong
+ */
+ if (!ossl_rsa_pss_params_30_is_unrestricted(&rsa_pss_params))
+ goto err;
+ break;
+ case RSA_FLAG_TYPE_RSASSAPSS:
+ /*
+ * Were PSS parameters filled in? In that case, create the old
+ * RSA_PSS_PARAMS structure. Otherwise, this is an unrestricted key.
+ */
+ if (!ossl_rsa_pss_params_30_is_unrestricted(&rsa_pss_params)) {
+ /* Create the older RSA_PSS_PARAMS from RSA_PSS_PARAMS_30 data */
+ int mdnid = ossl_rsa_pss_params_30_hashalg(&rsa_pss_params);
+ int mgf1mdnid = ossl_rsa_pss_params_30_maskgenhashalg(&rsa_pss_params);
+ int saltlen = ossl_rsa_pss_params_30_saltlen(&rsa_pss_params);
+ const EVP_MD *md = EVP_get_digestbynid(mdnid);
+ const EVP_MD *mgf1md = EVP_get_digestbynid(mgf1mdnid);
+
+ if ((rsa->pss = rsa_pss_params_create(md, mgf1md, saltlen)) == NULL)
+ goto err;
+ }
+ break;
+ default:
+ /* RSA key sub-types we don't know how to handle yet */
+ goto err;
}
- return 1;
+
+ if (!ossl_rsa_fromdata(rsa, params))
+ goto err;
+
+ switch (rsa_type) {
+ case RSA_FLAG_TYPE_RSA:
+ ok = EVP_PKEY_assign_RSA(pkey, rsa);
+ break;
+ case RSA_FLAG_TYPE_RSASSAPSS:
+ ok = EVP_PKEY_assign(pkey, EVP_PKEY_RSA_PSS, rsa);
+ break;
+ }
+
+ err:
+ if (!ok)
+ RSA_free(rsa);
+ return ok;
+}
+
+static int rsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
+ EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx,
+ const char *propq)
+{
+ return rsa_int_export_to(from, RSA_FLAG_TYPE_RSA, to_keydata,
+ to_keymgmt, libctx, propq);
+}
+
+static int rsa_pss_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
+ EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx,
+ const char *propq)
+{
+ return rsa_int_export_to(from, RSA_FLAG_TYPE_RSASSAPSS, to_keydata,
+ to_keymgmt, libctx, propq);
+}
+
+static int rsa_pkey_import_from(const OSSL_PARAM params[], void *vpctx)
+{
+ return rsa_int_import_from(params, vpctx, RSA_FLAG_TYPE_RSA);
+}
+
+static int rsa_pss_pkey_import_from(const OSSL_PARAM params[], void *vpctx)
+{
+ return rsa_int_import_from(params, vpctx, RSA_FLAG_TYPE_RSASSAPSS);
}
const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = {
0, 0, 0, 0,
rsa_pkey_dirty_cnt,
- rsa_pkey_export_to,
- rsa_pkey_import_from
+ rsa_pss_pkey_export_to,
+ rsa_pss_pkey_import_from
};
projects / openssl.git / blobdiff