Beginnings of PSS support.

diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 52f41c2502f8462d4f3b33159d782d8611996def..7d089fe931365e91c7e4a0d753729bf77ec41e8c 100644 (file)
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -915,19 +915,21 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
 #define EVP_PKEY_OP_DECRYPT            (1<<9)
 #define EVP_PKEY_OP_DERIVE             (1<<10)
 
-#define EVP_PKEY_OP_TYPE_SIGNATURE     \
+#define EVP_PKEY_OP_TYPE_SIG   \
        (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \
                | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX)
 
-#define EVP_PKEY_OP_TYPE_CRYPTO \
-       (EVP_PKEY_OP_SIGNATURE | EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT \
-               | EVP_PKEY_OP_DERIVE)
+#define EVP_PKEY_OP_TYPE_CRYPT \
+       (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT)
 
-#define EVP_PKEY_OP_TYPE_GENERATE \
+#define EVP_PKEY_OP_TYPE_NOGEN \
+       (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE)
+
+#define EVP_PKEY_OP_TYPE_GEN \
                (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN)
 
 #define         EVP_PKEY_CTX_set_signature_md(ctx, md) \
-               EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIGNATURE,  \
+               EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG,  \
                                        EVP_PKEY_CTRL_MD, 0, (void *)md)
 
 #define EVP_PKEY_CTRL_MD               1

diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
index 02fdcd732e42322988fbabb9581817b04aa466a0..6df1e67fb6e4163a6457e68d871ae80cd4f91f9d 100644 (file)
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -204,6 +204,8 @@ struct rsa_st
 #define RSA_NO_PADDING         3
 #define RSA_PKCS1_OAEP_PADDING 4
 #define RSA_X931_PADDING       5
+/* EVP_PKEY_ only */
+#define RSA_PKCS1_PSS_PADDING  6
 
 #define RSA_PKCS1_PADDING_SIZE 11
 

diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 696eef9332ad49db44d4cba446a98c47458b8ed0..989a7d794db4c637deeb989764a361780d5c0450 100644 (file)
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -79,6 +79,8 @@ typedef struct
        int pad_mode;
        /* message digest */
        const EVP_MD *md;
+       /* PSS seedlength */
+       int pss_seedlen;
        /* Temp buffer */
        unsigned char *tbuf;
        } RSA_PKEY_CTX;
@@ -95,6 +97,8 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
        rctx->md = NULL;
        rctx->tbuf = NULL;
 
+       rctx->pss_seedlen = 0;
+
        ctx->data = rctx;
        
        return 1;
@@ -321,13 +325,18 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
        switch (type)
                {
                case EVP_PKEY_CTRL_RSA_PADDING:
-               /* TODO: add PSS support */
-               if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_X931_PADDING))
+               if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING))
                        {
-                       if (ctx->operation == EVP_PKEY_OP_KEYGEN)
+                       if (ctx->operation & EVP_PKEY_OP_TYPE_GEN)
                                return -2;
                        if (!check_padding_md(rctx->md, p1))
                                return 0;
+                       if ((p1 == RSA_PKCS1_PSS_PADDING) 
+                               && !(ctx->operation & EVP_PKEY_OP_TYPE_SIG))
+                               return -2;
+                       if ((p1 == RSA_PKCS1_OAEP_PADDING) 
+                               && !(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))
+                               return -2;
                        rctx->pad_mode = p1;
                        return 1;
                        }
@@ -363,6 +372,8 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
                        pm = RSA_PKCS1_OAEP_PADDING;
                else if (!strcmp(value, "x931"))
                        pm = RSA_X931_PADDING;
+               else if (!strcmp(value, "pss"))
+                       pm = RSA_PKCS1_PSS_PADDING;
                else
                        return -2;
                return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);