/*
- * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
+#include "internal/constant_time.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/evp.h>
#include <openssl/x509v3.h>
#include <openssl/cms.h>
-#include "internal/evp_int.h"
-#include "rsa_locl.h"
+#include "crypto/evp.h"
+#include "crypto/rsa.h"
+#include "rsa_local.h"
/* RSA pkey context structure */
if (rctx == NULL)
return 0;
- rctx->nbits = 1024;
+ rctx->nbits = 2048;
rctx->primes = RSA_DEFAULT_PRIME_NUM;
if (pkey_ctx_is_pss(ctx))
rctx->pad_mode = RSA_PKCS1_PSS_PADDING;
return 1;
}
-static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+static int pkey_rsa_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
{
RSA_PKEY_CTX *dctx, *sctx;
dctx->pad_mode = sctx->pad_mode;
dctx->md = sctx->md;
dctx->mgf1md = sctx->mgf1md;
+ dctx->saltlen = sctx->saltlen;
if (sctx->oaep_label) {
OPENSSL_free(dctx->oaep_label);
dctx->oaep_label = OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen);
{
if (ctx->tbuf != NULL)
return 1;
- ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey));
- if (ctx->tbuf == NULL)
+ if ((ctx->tbuf = OPENSSL_malloc(RSA_size(pk->pkey->pkey.rsa))) == NULL) {
+ RSAerr(RSA_F_SETUP_TBUF, ERR_R_MALLOC_FAILURE);
return 0;
+ }
return 1;
}
return ret;
ret = sltmp;
} else if (rctx->pad_mode == RSA_X931_PADDING) {
- if ((size_t)EVP_PKEY_size(ctx->pkey) < tbslen + 1) {
+ if ((size_t)RSA_size(rsa) < tbslen + 1) {
RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_KEY_SIZE_TOO_SMALL);
return -1;
}
ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa,
rctx->pad_mode);
}
- if (ret < 0)
- return ret;
- *outlen = ret;
- return 1;
+ *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret);
+ ret = constant_time_select_int(constant_time_msb(ret), ret, 1);
+ return ret;
}
static int check_padding_md(const EVP_MD *md, int padding)
case NID_sha256:
case NID_sha384:
case NID_sha512:
+ case NID_sha512_224:
+ case NID_sha512_256:
case NID_md5:
case NID_md5_sha1:
case NID_md2:
return 1;
case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
- if (p1 < 512) {
+ if (p1 < RSA_MIN_MODULUS_BITS) {
RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_SIZE_TOO_SMALL);
return -2;
}
BIGNUM *pubexp = NULL;
if (!BN_asc2bn(&pubexp, value))
return 0;
- ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp);
- if (ret <= 0)
- BN_free(pubexp);
+ ret = EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, pubexp);
+ BN_free(pubexp);
return ret;
}
return ret;
}
-const EVP_PKEY_METHOD rsa_pkey_meth = {
+static const EVP_PKEY_METHOD rsa_pkey_meth = {
EVP_PKEY_RSA,
EVP_PKEY_FLAG_AUTOARGLEN,
pkey_rsa_init,
pkey_rsa_ctrl_str
};
+const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void)
+{
+ return &rsa_pkey_meth;
+}
+
/*
* Called for PSS sign or verify initialisation: checks PSS parameter
* sanity and sets any restrictions on key usage.
return 1;
}
-const EVP_PKEY_METHOD rsa_pss_pkey_meth = {
+static const EVP_PKEY_METHOD rsa_pss_pkey_meth = {
EVP_PKEY_RSA_PSS,
EVP_PKEY_FLAG_AUTOARGLEN,
pkey_rsa_init,
pkey_rsa_ctrl,
pkey_rsa_ctrl_str
};
+
+const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void)
+{
+ return &rsa_pss_pkey_meth;
+}