PROV: Refactor the RSA DER support
authorRichard Levitte <levitte@openssl.org>
Sat, 2 May 2020 11:25:52 +0000 (13:25 +0200)
committerRichard Levitte <levitte@openssl.org>
Thu, 14 May 2020 10:16:35 +0000 (12:16 +0200)
We separate out the NIST arc OIDs to a separate file, so it can be
re-used, and also the DIGEST OIDs.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)

providers/common/der/DIGESTS.asn1 [new file with mode: 0644]
providers/common/der/NIST.asn1 [new file with mode: 0644]
providers/common/der/RSA.asn1
providers/common/der/build.info
providers/common/der/der_digests.c.in [new file with mode: 0644]
providers/common/der/der_digests.h.in [new file with mode: 0644]
providers/common/der/der_rsa.c.in
providers/common/der/der_rsa.h.in

diff --git a/providers/common/der/DIGESTS.asn1 b/providers/common/der/DIGESTS.asn1
new file mode 100644 (file)
index 0000000..afed372
--- /dev/null
@@ -0,0 +1,19 @@
+-- -------------------------------------------------------------------
+-- Taken from https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration
+
+id-sha256 OBJECT IDENTIFIER ::= { hashAlgs 1 }
+id-sha384 OBJECT IDENTIFIER ::= { hashAlgs 2 }
+id-sha512 OBJECT IDENTIFIER ::= { hashAlgs 3 }
+id-sha224 OBJECT IDENTIFIER ::= { hashAlgs 4 }
+id-sha512-224 OBJECT IDENTIFIER ::= { hashAlgs 5 }
+id-sha512-256 OBJECT IDENTIFIER ::= { hashAlgs 6 }
+id-sha3-224 OBJECT IDENTIFIER ::= { hashAlgs 7 }
+id-sha3-256 OBJECT IDENTIFIER ::= { hashAlgs 8 }
+id-sha3-384 OBJECT IDENTIFIER ::= { hashAlgs 9 }
+id-sha3-512 OBJECT IDENTIFIER ::= { hashAlgs 10 }
+id-shake128 OBJECT IDENTIFIER ::= { hashAlgs 11 }
+id-shake256 OBJECT IDENTIFIER ::= { hashAlgs 12 }
+id-shake128-len OBJECT IDENTIFIER ::= { hashAlgs 17 }
+id-shake256-len OBJECT IDENTIFIER ::= { hashAlgs 18 }
+id-KMACWithSHAKE128 OBJECT IDENTIFIER ::={hashAlgs 19}
+id-KMACWithSHAKE256 OBJECT IDENTIFIER ::={ hashAlgs 20}
diff --git a/providers/common/der/NIST.asn1 b/providers/common/der/NIST.asn1
new file mode 100644 (file)
index 0000000..3e43848
--- /dev/null
@@ -0,0 +1,8 @@
+-- -------------------------------------------------------------------
+-- Taken from https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration
+
+-- Copies of common OIDs used by other ASN.1 files.
+csor OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 }
+nistAlgorithms OBJECT IDENTIFIER ::= { csor nistAlgorithm(4) }
+hashAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 2 }
+sigAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 3 }
index 66511be..d0c54d7 100644 (file)
@@ -80,8 +80,6 @@ id-mgf1    OBJECT IDENTIFIER ::= { pkcs-1 8 }
 -- -------------------------------------------------------------------
 -- Taken from https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration
 
-sigAlgs OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 4 3 }
-
 id-rsassa-pkcs1-v1_5-with-sha3-224 OBJECT IDENTIFIER ::= { sigAlgs 13 }
 id-rsassa-pkcs1-v1_5-with-sha3-256 OBJECT IDENTIFIER ::= { sigAlgs 14 }
 id-rsassa-pkcs1-v1_5-with-sha3-384 OBJECT IDENTIFIER ::= { sigAlgs 15 }
index eda763e..837fe73 100644 (file)
@@ -1,4 +1,4 @@
-$FIPSABLE=der_rsa.c der_dsa.c der_ec.c
+$FIPSABLE=der_rsa.c der_dsa.c der_ec.c der_digests.c
 
 SOURCE[../../libfips.a]=$FIPSABLE
 SOURCE[../../libnonfips.a]=$FIPSABLE
@@ -6,7 +6,7 @@ SOURCE[../../libnonfips.a]=$FIPSABLE
 GENERATE[der_rsa.c]=der_rsa.c.in
 DEPEND[der_rsa.c]=oids_to_c.pm
 
-DEPEND[der_rsa.o]=../include/prov/der_rsa.h
+DEPEND[der_rsa.o]=../include/prov/der_rsa.h ../include/prov/der_digests.h
 GENERATE[../include/prov/der_rsa.h]=der_rsa.h.in
 DEPEND[../include/prov/der_rsa.h]=oids_to_c.pm
 
@@ -23,3 +23,10 @@ DEPEND[der_ec.c]=oids_to_c.pm
 DEPEND[der_ec.o]=../include/prov/der_ec.h
 GENERATE[../include/prov/der_ec.h]=der_ec.h.in
 DEPEND[../include/prov/der_ec.h]=oids_to_c.pm
+
+GENERATE[der_digests.c]=der_digests.c.in
+DEPEND[der_digests.c]=oids_to_c.pm
+
+DEPEND[der_digests.o]=../include/prov/der_digests.h
+GENERATE[../include/prov/der_digests.h]=der_digests.h.in
+DEPEND[../include/prov/der_digests.h]=oids_to_c.pm
diff --git a/providers/common/der/der_digests.c.in b/providers/common/der/der_digests.c.in
new file mode 100644 (file)
index 0000000..433c107
--- /dev/null
@@ -0,0 +1,18 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "prov/der_digests.h"
+
+/* Well known OIDs precompiled */
+{-
+    $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1',
+                                     'providers/common/der/DIGESTS.asn1',
+                                     { dir => $config{sourcedir},
+                                       filter => \&oids_to_c::filter_to_C });
+-}
diff --git a/providers/common/der/der_digests.h.in b/providers/common/der/der_digests.h.in
new file mode 100644 (file)
index 0000000..91fbe1f
--- /dev/null
@@ -0,0 +1,18 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/der.h"
+
+/* Well known OIDs precompiled */
+{-
+    $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1',
+                                     'providers/common/der/DIGESTS.asn1',
+                                     { dir => $config{sourcedir},
+                                       filter => \&oids_to_c::filter_to_H });
+-}
index bc7c009..d3bab85 100644 (file)
 
 #include <openssl/bn.h>
 #include <openssl/obj_mac.h>
+#include "internal/cryptlib.h"
 #include "prov/der_rsa.h"
+#include "prov/der_digests.h"
 
 /* Well known OIDs precompiled */
 {-
-    $OUT = oids_to_c::process_leaves('providers/common/der/RSA.asn1',
+    $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1',
+                                     'providers/common/der/DIGESTS.asn1',
+                                     'providers/common/der/RSA.asn1',
                                      { dir => $config{sourcedir},
                                        filter => \&oids_to_c::filter_to_C });
 -}
 
+/* More complex pre-compiled sequences.  TODO(3.0) refactor? */
+/*-
+ * From https://tools.ietf.org/html/rfc8017#appendix-A.2.1
+ *
+ * OAEP-PSSDigestAlgorithms    ALGORITHM-IDENTIFIER ::= {
+ *     { OID id-sha1       PARAMETERS NULL }|
+ *     { OID id-sha224     PARAMETERS NULL }|
+ *     { OID id-sha256     PARAMETERS NULL }|
+ *     { OID id-sha384     PARAMETERS NULL }|
+ *     { OID id-sha512     PARAMETERS NULL }|
+ *     { OID id-sha512-224 PARAMETERS NULL }|
+ *     { OID id-sha512-256 PARAMETERS NULL },
+ *     ...  -- Allows for future expansion --
+ * }
+ */
+#define DER_V_NULL DER_P_NULL, 0
+#define DER_SZ_NULL 2
+
+/*
+ * The names for the hash function AlgorithmIdentifiers are borrowed and
+ * expanded from https://tools.ietf.org/html/rfc4055#section-2.1
+ *
+ * sha1Identifier  AlgorithmIdentifier  ::=  { id-sha1, NULL }
+ * sha224Identifier  AlgorithmIdentifier  ::=  { id-sha224, NULL }
+ * sha256Identifier  AlgorithmIdentifier  ::=  { id-sha256, NULL }
+ * sha384Identifier  AlgorithmIdentifier  ::=  { id-sha384, NULL }
+ * sha512Identifier  AlgorithmIdentifier  ::=  { id-sha512, NULL }
+ */
+#if 0                            /* Currently unused */
+#define DER_AID_V_sha1Identifier                                        \
+    DER_P_SEQUENCE|DER_F_CONSTRUCTED,                                   \
+        DER_OID_SZ_id_sha1 + DER_SZ_NULL,                               \
+        DER_OID_V_id_sha1,                                              \
+        DER_V_NULL
+static const unsigned char der_aid_sha1Identifier[] = {
+    DER_AID_V_sha1Identifier
+};
+#define DER_AID_SZ_sha1Identifier sizeof(der_aid_sha1Identifier)
+#endif
+
+#define DER_AID_V_sha224Identifier                                      \
+    DER_P_SEQUENCE|DER_F_CONSTRUCTED,                                   \
+        DER_OID_SZ_id_sha224 + DER_SZ_NULL,                             \
+        DER_OID_V_id_sha224,                                            \
+        DER_V_NULL
+static const unsigned char der_aid_sha224Identifier[] = {
+    DER_AID_V_sha224Identifier
+};
+#define DER_AID_SZ_sha224Identifier sizeof(der_aid_sha224Identifier)
+
+#define DER_AID_V_sha256Identifier                                      \
+    DER_P_SEQUENCE|DER_F_CONSTRUCTED,                                   \
+        DER_OID_SZ_id_sha256 + DER_SZ_NULL,                             \
+        DER_OID_V_id_sha256,                                            \
+        DER_V_NULL
+static const unsigned char der_aid_sha256Identifier[] = {
+    DER_AID_V_sha256Identifier
+};
+#define DER_AID_SZ_sha256Identifier sizeof(der_aid_sha256Identifier)
+
+#define DER_AID_V_sha384Identifier                                      \
+    DER_P_SEQUENCE|DER_F_CONSTRUCTED,                                   \
+        DER_OID_SZ_id_sha384 + DER_SZ_NULL,                             \
+        DER_OID_V_id_sha384,                                            \
+        DER_V_NULL
+static const unsigned char der_aid_sha384Identifier[] = {
+    DER_AID_V_sha384Identifier
+};
+#define DER_AID_SZ_sha384Identifier sizeof(der_aid_sha384Identifier)
+
+#define DER_AID_V_sha512Identifier                                      \
+    DER_P_SEQUENCE|DER_F_CONSTRUCTED,                                   \
+        DER_OID_SZ_id_sha512 + DER_SZ_NULL,                             \
+        DER_OID_V_id_sha512,                                            \
+        DER_V_NULL
+static const unsigned char der_aid_sha512Identifier[] = {
+    DER_AID_V_sha512Identifier
+};
+#define DER_AID_SZ_sha512Identifier sizeof(der_aid_sha512Identifier)
+
+#define DER_AID_V_sha512_224Identifier                                  \
+    DER_P_SEQUENCE|DER_F_CONSTRUCTED,                                   \
+        DER_OID_SZ_id_sha512_224 + DER_SZ_NULL,                         \
+        DER_OID_V_id_sha512_224,                                        \
+        DER_V_NULL
+static const unsigned char der_aid_sha512_224Identifier[] = {
+    DER_AID_V_sha512_224Identifier
+};
+#define DER_AID_SZ_sha512_224Identifier sizeof(der_aid_sha512_224Identifier)
+
+#define DER_AID_V_sha512_256Identifier                                  \
+    DER_P_SEQUENCE|DER_F_CONSTRUCTED,                                   \
+        DER_OID_SZ_id_sha512_256 + DER_SZ_NULL,                         \
+        DER_OID_V_id_sha512_256,                                        \
+        DER_V_NULL
+static const unsigned char der_aid_sha512_256Identifier[] = {
+    DER_AID_V_sha512_256Identifier
+};
+#define DER_AID_SZ_sha512_256Identifier sizeof(der_aid_sha512_256Identifier)
+
+/*-
+ * From https://tools.ietf.org/html/rfc8017#appendix-A.2.1
+ *
+ * HashAlgorithm ::= AlgorithmIdentifier {
+ *    {OAEP-PSSDigestAlgorithms}
+ * }
+ *
+ * ...
+ *
+ * PKCS1MGFAlgorithms    ALGORITHM-IDENTIFIER ::= {
+ *     { OID id-mgf1 PARAMETERS HashAlgorithm },
+ *     ...  -- Allows for future expansion --
+ * }
+ */
+
+/*
+ * The names for the MGF1 AlgorithmIdentifiers are borrowed and expanded
+ * from https://tools.ietf.org/html/rfc4055#section-2.1
+ *
+ * mgf1SHA1Identifier  AlgorithmIdentifier  ::=
+ *                      { id-mgf1, sha1Identifier }
+ * mgf1SHA224Identifier  AlgorithmIdentifier  ::=
+ *                      { id-mgf1, sha224Identifier }
+ * mgf1SHA256Identifier  AlgorithmIdentifier  ::=
+ *                      { id-mgf1, sha256Identifier }
+ * mgf1SHA384Identifier  AlgorithmIdentifier  ::=
+ *                      { id-mgf1, sha384Identifier }
+ * mgf1SHA512Identifier  AlgorithmIdentifier  ::=
+ *                      { id-mgf1, sha512Identifier }
+ */
+#if 0                            /* Currently unused */
+#define DER_AID_V_mgf1SHA1Identifier                                    \
+    DER_P_SEQUENCE|DER_F_CONSTRUCTED,                                   \
+        DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha1Identifier,                 \
+        DER_OID_V_id_mgf1,                                              \
+        DER_AID_V_sha1Identifier
+static const unsigned char der_aid_mgf1SHA1Identifier[] = {
+    DER_AID_V_mgf1SHA1Identifier
+};
+#define DER_AID_SZ_mgf1SHA1Identifier sizeof(der_aid_mgf1SHA1Identifier)
+#endif
+
+#define DER_AID_V_mgf1SHA224Identifier                          \
+    DER_P_SEQUENCE|DER_F_CONSTRUCTED,                           \
+        DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha224Identifier,       \
+        DER_OID_V_id_mgf1,                                      \
+        DER_AID_V_sha224Identifier
+static const unsigned char der_aid_mgf1SHA224Identifier[] = {
+    DER_AID_V_mgf1SHA224Identifier
+};
+#define DER_AID_SZ_mgf1SHA224Identifier sizeof(der_aid_mgf1SHA224Identifier)
+
+#define DER_AID_V_mgf1SHA256Identifier                          \
+    DER_P_SEQUENCE|DER_F_CONSTRUCTED,                           \
+        DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha256Identifier,       \
+        DER_OID_V_id_mgf1,                                      \
+        DER_AID_V_sha256Identifier
+static const unsigned char der_aid_mgf1SHA256Identifier[] = {
+    DER_AID_V_mgf1SHA256Identifier
+};
+#define DER_AID_SZ_mgf1SHA256Identifier sizeof(der_aid_mgf1SHA256Identifier)
+
+#define DER_AID_V_mgf1SHA384Identifier                          \
+    DER_P_SEQUENCE|DER_F_CONSTRUCTED,                           \
+        DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha384Identifier,       \
+        DER_OID_V_id_mgf1,                                      \
+        DER_AID_V_sha384Identifier
+static const unsigned char der_aid_mgf1SHA384Identifier[] = {
+    DER_AID_V_mgf1SHA384Identifier
+};
+#define DER_AID_SZ_mgf1SHA384Identifier sizeof(der_aid_mgf1SHA384Identifier)
+
+#define DER_AID_V_mgf1SHA512Identifier                          \
+    DER_P_SEQUENCE|DER_F_CONSTRUCTED,                           \
+        DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512Identifier,       \
+        DER_OID_V_id_mgf1,                                      \
+        DER_AID_V_sha512Identifier
+static const unsigned char der_aid_mgf1SHA512Identifier[] = {
+    DER_AID_V_mgf1SHA512Identifier
+};
+#define DER_AID_SZ_mgf1SHA512Identifier sizeof(der_aid_mgf1SHA512Identifier)
+
+#define DER_AID_V_mgf1SHA512_224Identifier                      \
+    DER_P_SEQUENCE|DER_F_CONSTRUCTED,                           \
+        DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512_224Identifier,   \
+        DER_OID_V_id_mgf1,                                      \
+        DER_AID_V_sha512_224Identifier
+static const unsigned char der_aid_mgf1SHA512_224Identifier[] = {
+    DER_AID_V_mgf1SHA512_224Identifier
+};
+#define DER_AID_SZ_mgf1SHA512_224Identifier sizeof(der_aid_mgf1SHA512_224Identifier)
+
+#define DER_AID_V_mgf1SHA512_256Identifier                      \
+    DER_P_SEQUENCE|DER_F_CONSTRUCTED,                           \
+        DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512_256Identifier,   \
+        DER_OID_V_id_mgf1,                                      \
+        DER_AID_V_sha512_256Identifier
+static const unsigned char der_aid_mgf1SHA512_256Identifier[] = {
+    DER_AID_V_mgf1SHA512_256Identifier
+};
+#define DER_AID_SZ_mgf1SHA512_256Identifier sizeof(der_aid_mgf1SHA512_256Identifier)
+
+
+#define MGF1_SHA_CASE(bits, var)                                \
+    case NID_sha##bits:                                         \
+        var = der_aid_mgf1SHA##bits##Identifier;                \
+        var##_sz = sizeof(der_aid_mgf1SHA##bits##Identifier);   \
+        break;
+
+/*-
+ * The name is borrowed from https://tools.ietf.org/html/rfc8017#appendix-A.2.1
+ *
+ * MaskGenAlgorithm ::= AlgorithmIdentifier { {PKCS1MGFAlgorithms} }
+ */
+static int DER_w_MaskGenAlgorithm(WPACKET *pkt, int tag,
+                                  const RSA_PSS_PARAMS_30 *pss)
+{
+    if (pss != NULL && rsa_pss_params_30_maskgenalg(pss) == NID_mgf1) {
+        int maskgenhashalg_nid = rsa_pss_params_30_maskgenhashalg(pss);
+        const unsigned char *maskgenalg = NULL;
+        size_t maskgenalg_sz = 0;
+
+        switch (maskgenhashalg_nid) {
+        case NID_sha1:
+            break;
+            MGF1_SHA_CASE(224, maskgenalg);
+            MGF1_SHA_CASE(256, maskgenalg);
+            MGF1_SHA_CASE(384, maskgenalg);
+            MGF1_SHA_CASE(512, maskgenalg);
+            MGF1_SHA_CASE(512_224, maskgenalg);
+            MGF1_SHA_CASE(512_256, maskgenalg);
+        default:
+            return 0;
+        }
+
+        /* If there is none (or it was the default), we write nothing */
+        if (maskgenalg == NULL)
+            return 1;
+
+        return DER_w_precompiled(pkt, tag, maskgenalg, maskgenalg_sz);
+    }
+    return 0;
+}
+
+#define OAEP_PSS_MD_CASE(name, var)                                     \
+    case NID_##name:                                                    \
+        var = der_oid_id_##name;                                        \
+        var##_sz = sizeof(der_oid_id_##name);                           \
+        break;
+
+int DER_w_RSASSA_PSS_params(WPACKET *pkt, int tag, const RSA_PSS_PARAMS_30 *pss)
+{
+    int hashalg_nid, default_hashalg_nid;
+    int saltlen, default_saltlen;
+    int trailerfield, default_trailerfield;
+    const unsigned char *hashalg = NULL;
+    size_t hashalg_sz = 0;
+
+    /*
+     * For an unrestricted key, this function should not have been called;
+     * the caller must be in control, because unrestricted keys are permitted
+     * in some situations (when encoding the public key in a SubjectKeyInfo,
+     * for example) while not in others, and this function doesn't know the
+     * intent.  Therefore, we assert that here, the PSS parameters must show
+     * that the key is restricted.
+     */
+    if (!ossl_assert(pss != NULL && !rsa_pss_params_30_is_unrestricted(pss)))
+        return 0;
+
+    hashalg_nid = rsa_pss_params_30_hashalg(pss);
+    saltlen = rsa_pss_params_30_saltlen(pss);
+    trailerfield = rsa_pss_params_30_trailerfield(pss);
+
+    /* Getting default values */
+    default_hashalg_nid = rsa_pss_params_30_hashalg(NULL);
+    default_saltlen = rsa_pss_params_30_saltlen(NULL);
+    default_trailerfield = rsa_pss_params_30_trailerfield(NULL);
+
+    /*
+     * From https://tools.ietf.org/html/rfc8017#appendix-A.2.1:
+     *
+     * OAEP-PSSDigestAlgorithms    ALGORITHM-IDENTIFIER ::= {
+     *     { OID id-sha1       PARAMETERS NULL }|
+     *     { OID id-sha224     PARAMETERS NULL }|
+     *     { OID id-sha256     PARAMETERS NULL }|
+     *     { OID id-sha384     PARAMETERS NULL }|
+     *     { OID id-sha512     PARAMETERS NULL }|
+     *     { OID id-sha512-224 PARAMETERS NULL }|
+     *     { OID id-sha512-256 PARAMETERS NULL },
+     *     ...  -- Allows for future expansion --
+     * }
+     */
+    switch (hashalg_nid) {
+        OAEP_PSS_MD_CASE(sha1, hashalg);
+        OAEP_PSS_MD_CASE(sha224, hashalg);
+        OAEP_PSS_MD_CASE(sha256, hashalg);
+        OAEP_PSS_MD_CASE(sha384, hashalg);
+        OAEP_PSS_MD_CASE(sha512, hashalg);
+        OAEP_PSS_MD_CASE(sha512_224, hashalg);
+        OAEP_PSS_MD_CASE(sha512_256, hashalg);
+    default:
+        return 0;
+    }
+
+    return DER_w_begin_sequence(pkt, tag)
+        && (trailerfield == default_trailerfield
+            || DER_w_ulong(pkt, 3, trailerfield))
+        && (saltlen == default_saltlen || DER_w_ulong(pkt, 2, saltlen))
+        && DER_w_MaskGenAlgorithm(pkt, 1, pss)
+        && (hashalg_nid == default_hashalg_nid
+            || DER_w_precompiled(pkt, 0, hashalg, hashalg_sz))
+        && DER_w_end_sequence(pkt, tag);
+}
+
+/* Aliases so we can have a uniform RSA_CASE */
+#define der_oid_rsassaPss der_oid_id_RSASSA_PSS
+
+#define RSA_CASE(name, var)                                             \
+    var##_nid = NID_##name;                                             \
+    var##_oid = der_oid_##name;                                         \
+    var##_oid_sz = sizeof(der_oid_##name);                              \
+    break;
+
 int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa)
 {
+    int rsa_nid = NID_undef;
+    const unsigned char *rsa_oid = NULL;
+    size_t rsa_oid_sz = 0;
+    RSA_PSS_PARAMS_30 *pss_params = rsa_get0_pss_params_30(rsa);
+
+    switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) {
+    case RSA_FLAG_TYPE_RSA:
+        RSA_CASE(rsaEncryption, rsa);
+    case RSA_FLAG_TYPE_RSASSAPSS:
+        RSA_CASE(rsassaPss, rsa);
+    }
+
+    if (rsa_oid == NULL)
+        return 0;
+
     return DER_w_begin_sequence(pkt, tag)
-        /* No parameters (yet?) */
-        && DER_w_precompiled(pkt, -1, der_oid_rsaEncryption,
-                             sizeof(der_oid_rsaEncryption))
+        && (rsa_nid != NID_rsassaPss
+            || rsa_pss_params_30_is_unrestricted(pss_params)
+            || DER_w_RSASSA_PSS_params(pkt, -1, pss_params))
+        && DER_w_precompiled(pkt, -1, rsa_oid, rsa_oid_sz)
         && DER_w_end_sequence(pkt, tag);
 }
 
-/* Aliases so we can have a uniform MD_CASE */
+/* Aliases so we can have a uniform MD_with_RSA_CASE */
 #define der_oid_sha3_224WithRSAEncryption \
     der_oid_id_rsassa_pkcs1_v1_5_with_sha3_224
 #define der_oid_sha3_256WithRSAEncryption \
@@ -37,10 +380,10 @@ int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa)
 #define der_oid_sha3_512WithRSAEncryption \
     der_oid_id_rsassa_pkcs1_v1_5_with_sha3_512
 
-#define MD_CASE(name)                                                   \
+#define MD_with_RSA_CASE(name, var)                                     \
     case NID_##name:                                                    \
-        precompiled = der_oid_##name##WithRSAEncryption;                \
-        precompiled_sz = sizeof(der_oid_##name##WithRSAEncryption);     \
+        var = der_oid_##name##WithRSAEncryption;                        \
+        var##_sz = sizeof(der_oid_##name##WithRSAEncryption);           \
         break;
 
 int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag,
@@ -51,23 +394,23 @@ int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag,
 
     switch (mdnid) {
 #ifndef FIPS_MODULE
-        MD_CASE(md2);
-        MD_CASE(md5);
-        MD_CASE(md4);
-        MD_CASE(ripemd160);
+        MD_with_RSA_CASE(md2, precompiled);
+        MD_with_RSA_CASE(md5, precompiled);
+        MD_with_RSA_CASE(md4, precompiled);
+        MD_with_RSA_CASE(ripemd160, precompiled);
 /* TODO(3.0) Decide what to do about mdc2 and md5_sha1 */
 #endif
-        MD_CASE(sha1);
-        MD_CASE(sha224);
-        MD_CASE(sha256);
-        MD_CASE(sha384);
-        MD_CASE(sha512);
-        MD_CASE(sha512_224);
-        MD_CASE(sha512_256);
-        MD_CASE(sha3_224);
-        MD_CASE(sha3_256);
-        MD_CASE(sha3_384);
-        MD_CASE(sha3_512);
+        MD_with_RSA_CASE(sha1, precompiled);
+        MD_with_RSA_CASE(sha224, precompiled);
+        MD_with_RSA_CASE(sha256, precompiled);
+        MD_with_RSA_CASE(sha384, precompiled);
+        MD_with_RSA_CASE(sha512, precompiled);
+        MD_with_RSA_CASE(sha512_224, precompiled);
+        MD_with_RSA_CASE(sha512_256, precompiled);
+        MD_with_RSA_CASE(sha3_224, precompiled);
+        MD_with_RSA_CASE(sha3_256, precompiled);
+        MD_with_RSA_CASE(sha3_384, precompiled);
+        MD_with_RSA_CASE(sha3_512, precompiled);
     default:
         return 0;
     }
index 3f7cc0e..53f6227 100644 (file)
@@ -7,15 +7,20 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "crypto/rsa.h"
 #include "internal/der.h"
 
 /* Well known OIDs precompiled */
 {-
-    $OUT = oids_to_c::process_leaves('providers/common/der/RSA.asn1',
+    $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1',
+                                     'providers/common/der/DIGESTS.asn1',
+                                     'providers/common/der/RSA.asn1',
                                      { dir => $config{sourcedir},
                                        filter => \&oids_to_c::filter_to_H });
 -}
 
+int DER_w_RSASSA_PSS_params(WPACKET *pkt, int tag,
+                            const RSA_PSS_PARAMS_30 *pss);
 int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa);
 int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag,
                                        RSA *rsa, int mdnid);